[asterisk-users] Securing Asterisk

Robert-iPhone rhuddleston at gmail.com
Sat Jul 23 14:17:16 CDT 2011


Such a pointless argument. The same problem can happen on any VoIP platform, including FreeSWITCH.
Again it's a knowledge thing.
BTW if you were paying attention to your logs or practiced good admin skills you would have seen the attacks and stopped them.
I swear by fail2ban and other hardening techniques. If you honestly think you can just run the box out in the open after running a yum / apt or rpm command you are in the wrong position.
Know this is going to sound harsh but you deserve the pay cut if not termination.


Sent from my iPhone

On Jul 23, 2011, at 2:13 PM, "Danny Nicholas" <danny at debsinc.com> wrote:

> Simple economics tells me that we can't pay enough guys $X U.S. to stop the
> problem when we are competing with multiple folks working for $0.X US.
> Asterisk isn't the problem, it's just another limb on the victim tree.
> 
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Paul Belanger
> Sent: Saturday, July 23, 2011 1:10 PM
> To: asterisk-users at lists.digium.com
> Subject: Re: [asterisk-users] Securing Asterisk
> 
> On 11-07-23 01:38 PM, CDR wrote:
>> I beg to differ. Digium is hiding from the real world and somebody is 
>> going to take the software and run with it. My customers lost in excess 
>> of $50.000 and cut my pay in half, because of hackers. The hackers 
>> figured out how to scan every Asterisk for weak passwords or open 
>> ports, and bang them real good. We need two things: a) disable in 
>> sip.conf the reply for INVITES that have wrong user information, and 
>> also, b) disable any response to any REGISTER packet altogether. Can 
>> somebody please write a patch? Or should we go broke trying to stop the 
>> flood of criminals coming from abroad?
>> Federico
>> 
> I'm not sure I understand your statement.  Because your customer was hacked
> for $50,000 and your pay was cut in half, it is a result of Digium (or the
> Asterisk project) 'hiding from the real world'?
> 
> Your previous point aside, may I ask how your client solved the problem?
> I'm assuming they are still operating an Asterisk box without the patches
> you have requested.
> 
> --
> Paul Belanger
> Digium, Inc. | Software Developer
> twitter: pabelanger | IRC: pabelanger (Freenode) Check us out at:
> http://digium.com & http://asterisk.org
> 
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to
> Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users



More information about the asterisk-users mailing list
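
The log-watching that fail2ban automates, as an added example that is not part of the original thread: it counts failed REGISTER attempts per source address inside a time window and reports which extensions each source tried. The log lines are constructed and the chan_sip message format is an assumption; `maxretry` and `findtime` mirror fail2ban's setting names, and `find_offenders` is a hypothetical helper.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of chan_sip NOTICE messages
# (format assumed; adjust the regex to what your Asterisk version logs).
SAMPLE_LOG = """\
[2011-07-23 13:58:01] NOTICE[2201] chan_sip.c: Registration from '"100" <sip:100@198.51.100.10>' failed for '203.0.113.7' - No matching peer found
[2011-07-23 13:58:02] NOTICE[2201] chan_sip.c: Registration from '"101" <sip:101@198.51.100.10>' failed for '203.0.113.7' - No matching peer found
[2011-07-23 13:58:03] NOTICE[2201] chan_sip.c: Registration from '"102" <sip:102@198.51.100.10>' failed for '203.0.113.7:5071' - Wrong password
[2011-07-23 13:59:40] NOTICE[2201] chan_sip.c: Registration from '"201" <sip:201@198.51.100.10>' failed for '192.0.2.44' - Wrong password
[2011-07-23 14:05:12] NOTICE[2201] chan_sip.c: Peer '201' is now Reachable. (23ms / 2000ms)
[2011-07-23 14:30:00] NOTICE[2201] chan_sip.c: Registration from '"201" <sip:201@198.51.100.10>' failed for '192.0.2.44' - Wrong password
[2011-07-23 15:10:00] NOTICE[2201] chan_sip.c: Registration from '"201" <sip:201@198.51.100.10>' failed for '192.0.2.44' - Wrong password
"""

FAILED = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<frm>.*)' failed for '(?P<ip>[\d.]+)(?::\d+)?' - "
    r"(?P<why>Wrong password|No matching peer found)"
)

def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: sorted extensions tried} for each source with at least
    `maxretry` failed REGISTERs inside one `findtime` window.
    Assumes the log is in chronological order."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    tried = defaultdict(set)      # ip -> extensions seen in failed attempts
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # unrelated log line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop failures older than the window
        ext = re.search(r"sip:([^@>]+)@", m["frm"])
        if ext:
            tried[m["ip"]].add(ext.group(1))
        if len(window) >= maxretry:
            flagged.add(m["ip"])
    return {ip: sorted(tried[ip]) for ip in flagged}

if __name__ == "__main__":
    for ip, exts in find_offenders(SAMPLE_LOG).items():
        print(f"{ip}: {len(exts)} extensions tried: {', '.join(exts)}")
```

A source that walks through several extensions in seconds is flagged, while a single user mistyping a password three times over an hour is not.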