[asterisk-users] Unregistred users can pass calls, peer being static

wins mallow wins.mallow at gmail.com
Wed Jan 27 06:35:00 CST 2010


On Wed, 2010-01-27 at 11:47 +0100, Administrator TOOTAI wrote:
> Hi,
> 
> we had an attack on a server and we don't understand how it was 
> possible, Asterisk 1.4.28/Debian Lenny 5.1 Attacker came from PALTEL, 
> network 188.161.128.0/18
> 
> Hacked account had following setup:
> 
> [111]
> type=friend
> username=111
> context=from-111
> host=11.22.33.44
> dtmfmode=auto
> qualify=yes
> nat=yes
> canreinvite=no
> defaultip=11.22.33.44
> port=35060
> disallow=all
> allow=ulaw,alaw
> call-limit=2
> 
> Despite this, I saw in my logs that someone hacked this account and 
> could place calls! in logs we have:
> 
> [Jan 27 04:00:13] ERROR[29715] chan_sip.c: Peer '111' is trying to 
> register, but not configured as host=dynamic
> [Jan 27 04:00:13] NOTICE[29715] chan_sip.c: Registration from 
> '<sip:111 at ourAsteriskIP>' failed for '188.161.152.245' - Peer is not 
> supposed to register
> [Jan 27 04:00:18] VERBOSE[30669] logger.c:     -- Executing 
> [972599400749 at from-111:1] NoOp("SIP/111-000016eb", "Incoming call from 
> AAAA") in new stack
> 
> As you see 111 could place a call even having not registered, which he 
> is not supposed to do.
> 
> How is this possible?
> 
> -- 
> Daniel
> 
Check your sip.conf
allowguest=no


-- 
Best regards, Vince Mallow
xmpp: wins at jabber.slan.ru 
web: http://gentoo-way.blogspot.com




More information about the asterisk-users mailing list