[asterisk-users] Security - What inbound variables can attackers populate or use when calling?

jwexler at mail.usa.com jwexler at mail.usa.com
Sat Aug 7 01:46:36 CDT 2010


> Use fail2ban.  Also, read some of the security advisories from earlier
this year about being sure to always use a FILTER statement whenever you're
dialing using > a variable (most notably ${EXTEN}).
http://downloads.asterisk.org/pub/security/AST-2010-002.html



Thanks Warren!!

 

 

From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Warren Selby
Sent: Saturday, August 07, 2010 1:35 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Security - What inbound variables can
attackers populate or use when calling?

 

On Fri, Aug 6, 2010 at 10:53 PM, <jwexler at mail.usa.com> wrote:

Someone from Amsterdam was trying to register yesterday using an automated
program which tried roughly 1,000 or so username password combinations
before I shut asterisk down and added his/her ip to iptables to drop it. I
wonder if I can configure the system to automatically detect such an attack
in progress (e.g., a 1,000+ registration failures from the same ip is an
'attack') and the ip's to iptables, hosts.deny, etc. on the fly. That might
be another topic I guess?





Use fail2ban.  Also, read some of the security advisories from earlier this
year about being sure to always use a FILTER statement whenever you're
dialing using a variable (most notably ${EXTEN}).
http://downloads.asterisk.org/pub/security/AST-2010-002.html

-- 
Thanks,
--Warren Selby
http://www.selbytech.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100807/570ab5e0/attachment.htm 


More information about the asterisk-users mailing list