[asterisk-users] My Asterisk Box was hacked

Захаров Антон instnt at mail.ru
Thu Jul 21 01:55:03 CDT 2011


Yeap, drop out box is normal idea. But it's strongly wired what type of 
hack was. If it was only traffic leak without any footsteps in your 
system (shell history, files modification time, logs) I don't think that 
box couldn't be used any longer. Try to use port knocking ( 
http://www.portknocking.org/ ) for opening SSH ports for more secure 
access.
And if you have enough time, box could be reinstalled. Malvin Rito is 
right. Attacker could place rootkit on your system that couldn't easily 
detected.

On 21.07.2011 10:31, Steve Edwards wrote:
>> On 21.07.2011 09:29, Malvin Rito wrote:
>
>>> My asterisk box was hacked!
>
> On Thu, 21 Jul 2011, Захаров Антон wrote:
>
>> First of all, you should disable unused VoIP protocols.
>
> Once a box has been hacked you cannot trust anything.
>
> Disconnect the box from the network, save whatever DATA ONLY you 
> cannot live without, DBAN the disk and start over.
>
> Before you re-install the OS, read up on what you should have done the 
> first time.
>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                 http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>     http://lists.digium.com/mailman/listinfo/asterisk-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110721/256701e5/attachment.htm>


More information about the asterisk-users mailing list