[asterisk-users] Someone has hacked into our system

Magosányi Árpád mag at magwas.rulez.org
Mon Nov 22 11:19:39 CST 2010


Blocking UDP 5060 in the packet filter in unwanted directions should 
keep Asterisk from setting up SIP connections.
The real remedy is to figure out how the hacker got in and close the 
backdoor.
I think a lot of us would be interested in what the vulnerability was.
And if it turns out that it was a configuration mistake, don't be shy: 
for every mistake you made in your config, there are at least a thousand 
people who made the same mistake. You help them (us) by disclosing the 
error, and if you have already changed the configuration you should not 
have the error at that time.

On 2010-11-22 17:37, Danny Nicholas wrote:
> ------------------------------------------------------------------------
>
> *From:* asterisk-users-bounces at lists.digium.com 
> [mailto:asterisk-users-bounces at lists.digium.com] *On Behalf Of *Gary 
> Kuznitz
> *Sent:* Monday, November 22, 2010 10:23 AM
> *To:* Asterisk Users Mailing List - Non-Commercial Discussion
> *Subject:* [asterisk-users] Someone has hacked into our system
>
> Someone has hacked into our system and is making calls overseas.
>
> How can I:
>
> 1. Find out where the calls are originating from?
>
> 2. Block all calls that are not authorized?
>
> Our system is in the USA.
>
> Only calls from inside our LAN are allowed.
>
> Thank you,
>
> Gary Kuznitz
>
> For #1, start with the CDR.  You know that X is calling an overseas 
> number.  Determine who X is (or is supposed to be)
>
> For #2 (and the rest of #1) restrict your dialing access to a known 
> set of IPs.  If you have 5 phones (softphones or actual handsets), 
> block everything that doesn't start with those 5 IP addresses.
>
> The first thing I would do is to change all of your passwords in 
> sip.conf and do a sip reload.  That will slow down or temporarily stop 
> the hacker.
>
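
An added example, not part of the original thread: one way to act on the "start with the CDR" advice above is to group overseas calls by the SIP peer that placed them. It assumes the default cdr_csv `Master.csv` column order and that the dialplan leaves the US international prefix `011` in the `dst` field; `SAMPLE_CDR`, `peer_of` and `overseas_by_peer` are constructed, hypothetical names.

```python
import csv
import io
from collections import defaultdict

# Column order of the first 16 fields in Asterisk's cdr_csv Master.csv.
FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
          "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
          "duration", "billsec", "disposition", "amaflags"]

# Constructed sample records (not taken from the original thread).
SAMPLE_CDR = '''\
"","1001","0115550100001","from-internal","1001","SIP/1001-0000001a","SIP/trunk-0000001b","Dial","SIP/trunk/0115550100001","2010-11-21 03:12:01","2010-11-21 03:12:09","2010-11-21 03:20:09",488,480,"ANSWERED","DOCUMENTATION"
"","1001","0115550100002","from-internal","1001","SIP/1001-0000001c","SIP/trunk-0000001d","Dial","SIP/trunk/0115550100002","2010-11-21 03:25:40","2010-11-21 03:25:47","2010-11-21 03:45:47",1207,1200,"ANSWERED","DOCUMENTATION"
"","1003","2025550147","from-internal","1003","SIP/1003-0000001e","SIP/trunk-0000001f","Dial","SIP/trunk/2025550147","2010-11-21 09:02:10","2010-11-21 09:02:15","2010-11-21 09:03:15",65,60,"ANSWERED","DOCUMENTATION"
"","1002","0115550100003","from-internal","1002","SIP/1002-00000020","SIP/trunk-00000021","Dial","SIP/trunk/0115550100003","2010-11-21 04:01:00","","2010-11-21 04:01:30",30,0,"NO ANSWER","DOCUMENTATION"
'''

def peer_of(channel):
    """'SIP/1001-0000001a' -> 'SIP/1001': drop the per-call suffix."""
    return channel.rsplit("-", 1)[0]

def overseas_by_peer(cdr_text, intl_prefix="011"):
    """Summarise calls whose dialled number starts with intl_prefix, per peer."""
    stats = defaultdict(lambda: {"calls": 0, "billsec": 0, "first": None,
                                 "last": None, "contexts": set()})
    for row in csv.reader(io.StringIO(cdr_text)):
        if len(row) < len(FIELDS):
            continue  # skip truncated or malformed lines
        rec = dict(zip(FIELDS, row))
        if not rec["dst"].startswith(intl_prefix):
            continue  # not an overseas call under the stated assumption
        s = stats[peer_of(rec["channel"])]
        s["calls"] += 1
        s["billsec"] += int(rec["billsec"] or 0)
        # Timestamps are 'YYYY-MM-DD HH:MM:SS', so string order is time order.
        s["first"] = min(s["first"] or rec["start"], rec["start"])
        s["last"] = max(s["last"] or rec["start"], rec["start"])
        s["contexts"].add(rec["dcontext"])  # dialplan context the call entered
    # Peers with the most billed seconds first: the accounts to examine.
    return sorted(stats.items(), key=lambda kv: kv[1]["billsec"], reverse=True)

if __name__ == "__main__":
    for peer, s in overseas_by_peer(SAMPLE_CDR):
        print(peer, s["calls"], "calls,", s["billsec"], "s billed,",
              s["first"], "->", s["last"], sorted(s["contexts"]))
```

The CDR names the peer and the dialplan context, not the source IP address, so the result tells you which account's password and access rules to look at first.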
