[asterisk-users] How to stop intruder from registering sip?

Martin asterisklist at callthem.info
Fri Jun 11 20:41:38 CDT 2010


When will you people learn ... you set the secret=0000
and it's one of the many frequent passwords most people sets out of
being lazy ...

that simply says ... guess my password and call through my pbx for free ...

so again ...

1) bad people scan extensions 100-199 and 1000-9999 trying to guess
your password
if you were nice enough to set it within a known statistical easy guess

2) either use complicated passwords and sip accounts other than
100-199 1000-9999 or install the fail2ban

Martin

On Fri, Jun 11, 2010 at 4:55 PM, sean darcy <seandarcy2 at gmail.com> wrote:
> This is a small 12 line system, internal extensions 150 - 180. I didn't
> have a phone on 151. Here's the sip.conf stanza:
>
> ;;[151]
> ;;type=friend
> ;;context=longdistance
> ;;callerid="Conf Room" <151>
> ;;secret=0000
> ;;host=dynamic
> ;;qualify=yes
> ;;dtmfmode=rfc2833
> ;;allow=all
> ;;defaultuser=151
> ;;nat=yes
> ;;canreinvite=no
>
> There's no DISA. And then somehow (how???) ip address 79.117.17.247
> becomes extension 151 and starts making calls to West Africa.
>
> Now contactdeny and contactpermit over solve the problem. For instance,
> I can't register with my voip provider. I don't care about peers who I
> make calls to, or receive calls from. I'm just stunned someone can
> become a peer and make calls themselves.
>
> How do I fix this in some reasonable way.
>
> sean
>
> [Jun 10 15:51:19] VERBOSE[1662] chan_sip.c:     -- Registered SIP '151'
> at 79.117.17.247 port 5060
> [Jun 10 15:51:20] NOTICE[1662] chan_sip.c: Peer '151' is now Reachable.
> (161ms / 2000ms)
> [Jun 10 15:51:20] NOTICE[1662] chan_sip.c: Received SIP subscribe for
> peer without mailbox: 151
> [Jun 10 15:51:21] VERBOSE[1662] netsock.c:   == Using SIP RTP TOS bits 184
> [Jun 10 15:51:21] VERBOSE[1662] netsock.c:   == Using SIP RTP CoS mark 5
> [Jun 10 15:51:21] VERBOSE[1662] netsock.c:   == Using SIP VRTP CoS mark 6
> [Jun 10 15:51:21] VERBOSE[1662] netsock.c:   == Using UDPTL TOS bits 184
> [Jun 10 15:51:21] VERBOSE[1662] netsock.c:   == Using UDPTL CoS mark 5
> [Jun 10 15:51:22] VERBOSE[4780] pbx.c:     -- Executing
> [01125240212154 at longdistance:1] Answer("SIP/151-000000ae", "") in new stack
> [Jun 10 15:51:22] VERBOSE[4780] pbx.c:     -- Executing
> [01125240212154 at longdistance:2] Gosub("SIP/151-000000ae",
> "DialOut,s,1(01125240212154
> ,DAHDI/g0)") in new stack
> .........
> [Jun 10 15:51:22] VERBOSE[4780] pbx.c:     -- Executing [s at DialOut:9]
> Dial("SIP/151-000000ae", "DAHDI/g0/01125240212154") in new stack
> [Jun 10 15:51:22] VERBOSE[4780] chan_dahdi.c:     -- Requested transfer
> capability: 0x00 - SPEECH
> [Jun 10 15:51:22] VERBOSE[4780] app_dial.c:     -- Called g0/01125240212154
> [Jun 10 15:51:22] VERBOSE[4780] app_dial.c:     -- DAHDI/2-1 is
> proceeding passing it to SIP/151-000000ae
> [Jun 10 15:51:23] VERBOSE[4780] app_dial.c:     -- DAHDI/2-1 is making
> progress passing it to SIP/151-000000ae
> [Jun 10 15:51:23] VERBOSE[4780] app_dial.c:     -- DAHDI/2-1 is making
> progress passing it to SIP/151-000000ae
> [Jun 10 15:51:25] VERBOSE[4780] app_dial.c:     -- SIP/151-000000ae
> requested special control 16, passing it to DAHDI/2-1
> [Jun 10 15:51:25] VERBOSE[4780] channel.c:     -- Music class default
> requested but no musiconhold loaded.
> [Jun 10 15:51:25] VERBOSE[4780] app_dial.c:     -- SIP/151-000000ae
> requested special control 20, passing it to DAHDI/2-1
>
>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>



More information about the asterisk-users mailing list