[asterisk-dev] New Feature Idea

Tzafrir Cohen tzafrir.cohen at xorcom.com
Sun Sep 26 06:39:38 CDT 2010


On Sun, Sep 26, 2010 at 01:11:31PM +0200, Nir Simionovich wrote:
>   Hi All,
> 
>    As some of you know, I'm currently involved in developing an Anti-Fraud system.
> I've recently analyzed an Asterisk hack that happened about 2 weeks ago. The hack
> involved the hacking of the "asterisk-config" tool via an insecure website, then
> adding a new context with "NoCDR" application in it.
> 
>    This introduced a very interesting problem. Asterisk enables calls to traverse without
> CDRs being created whatsoever. I believe the NoCDR application should have a small
> config file indicating if no CDRs are created, or if only manager events of CDRs are sent out.
> If someone disables CDRs completely, then if they get hacked and there is no record,
> it's their responsibility - however, the default should generate manager events at least.

If one was able to update the dialplan, one would also be able to update
nocdr.conf or whatever.

> If you then go about and connect an external system, at least that one should have some
> visibility of it.

The call would also appear in your logs if you're verbose enough.

> 
>    What do you think?

If someone has broken into a system, that someone has direct access to
the CDR records anyway[*].

[*] Granting the asterisk user only 'CREATE' permission and not
'UPDATE'/'DELETE' does help here, though.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
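
The dialplan change described in this thread (a new context that calls NoCDR) can be caught by auditing the dialplan file itself. The following is an added example, not code from the thread or from the Asterisk project: it assumes extensions.conf-style syntax, and the sample dialplan, the `audit_dialplan` name and the baseline context set are all constructed for illustration.

```python
import re

# Constructed sample dialplan (not taken from the incident in the thread).
SAMPLE_DIALPLAN = """\
[from-internal]
exten => _X.,1,Dial(SIP/trunk/${EXTEN})
 same => n,Hangup()

[outbound-x]            ; context missing from the baseline
exten => _00.,1,NoCDR() ; suppresses the CDR for this call
 same => n,Dial(SIP/trunk/${EXTEN})
;exten => 100,1,NoCDR()  (commented out, must be ignored)
"""

CONTEXT_RE = re.compile(r"^\[([^\]]+)\]")
# exten => pattern,priority,App(...)   or   same => priority,App(...)
STEP_RE = re.compile(r"^(exten|same)\s*=>?\s*(.*)$", re.I)
APP_RE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*\(")


def strip_comment(line):
    """Drop an unescaped ';' comment and surrounding whitespace."""
    return re.sub(r"(?<!\\);.*$", "", line).strip()


def audit_dialplan(text, baseline_contexts):
    """Return (lineno, context, issue) for NoCDR steps and unknown contexts."""
    findings, context = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        m = CONTEXT_RE.match(line)
        if m:
            context = m.group(1)
            if context not in baseline_contexts:
                findings.append((lineno, context, "context not in baseline"))
            continue
        m = STEP_RE.match(line)
        if not m:
            continue
        # Skip pattern and priority; the application call is the last field.
        skip = 2 if m.group(1).lower() == "exten" else 1
        app = APP_RE.match(m.group(2).split(",", skip)[-1])
        # Application names are matched case-insensitively.
        if app and app.group(1).lower() == "nocdr":
            findings.append((lineno, context, "NoCDR application"))
    return findings
```

Run it from a host or account the Asterisk web tooling cannot write to, against a baseline stored off the PBX, since (as noted in the reply) whoever can edit the dialplan can also edit local configuration.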
