[asterisk-users] Securing Asterisk

--[ UxBoD ]-- uxbod at splatnix.net
Tue Jul 26 02:29:13 CDT 2011


That is pretty interesting. I am writing a similar tool but using OSSEC to identify the attacks and then share the data between nodes using Memcached and AnyEvent. Both Asterisk and Apache, or any other server that can run OSSEC, will be able to feed into the shared ban database.
-- 
Thanks, Phil

----- Original Message -----
> Why not firewall hack attempts after 3 tries?  When we started doing
> that the quantity of hacking attempts dropped right off.  We also set up
> our own fail2ban sharing server so that we could share the bans across
> multiple servers.  Have a look at
> http://www.f2bshare.org/index.php?title=Main_Page if you want to do
> something similar.  Why try to make Asterisk into something it's not
> intended to be?  Just use your firewall for what it's good at.
> 
> --
> Darren Wiebe
> 
> 
> On 7/23/11 11:38 AM, CDR wrote:
> > I beg to differ. Digium is hiding from the real world and somebody is
> > going to take the software and run with it. My customers lost in excess
> > of $50.000 and cut my pay in half, because of hackers. The hackers
> > figured out how to scan every asterisk for weak passwords or open
> > ports, and bang them real good. We need two things: a) disable in
> > sip.conf the reply for INVITES that have wrong user information, and
> > also, b) disable any response to any REGISTER packet altogether. Can
> > somebody please write a patch? Or should we go broke trying to stop the
> > flood of criminals coming from abroad?
> > Federico
> >
> > On Sat, Jul 23, 2011 at 1:00 PM,
> > <asterisk-users-request at lists.digium.com>  wrote:
> >> Today's Topics:
> >>
> >>    1. Re: use dahdi for local terminal modem access? (Lyle Giese)
> >>    2. dialplan pattern help (Armand Fumal)
> >>    3. Re: Securing Asterisk - How to avoid sending, "SIP/2.0 603
> >>       Declined" (Patrick Lists)
> >>    4. Re: Securing Asterisk - How to avoid sending, "SIP/2.0 603
> >>       Declined" (Paul Belanger)
> >>
> >>
> >> ----------------------------------------------------------------------
> >>
> >> Message: 1
> >> Date: Sat, 23 Jul 2011 09:29:26 -0500
> >> From: Lyle Giese <lyle at lcrcomputer.net>
> >> Subject: Re: [asterisk-users] use dahdi for local terminal modem
> >>         access?
> >> To: asterisk-users at lists.digium.com
> >> Message-ID: <4E2ADAC6.4010101 at lcrcomputer.net>
> >> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >>
> >>
> >> On 07/22/11 22:47, William Stillwell wrote:
> >>> Um, no VOIP involved here.
> >> Wrong.  What do you think Asterisk is?  Chopped meat?  It's a VoIP
> >> switch.  All traffic inside Asterisk is VoIP.
> >>
> >>> I have an asterisk server with 2 23B+D PRI's
> >>>
> >>> I want to telnet/ssh into the asterisk server, and make an outbound
> >>> call serial based modem/terminal connection (Like the 80/90's BBS
> >>> Days).
> >>>
> >>> No TCP/IP or PPP or craziness
> >>>
> >>> (ie, dialing into a Modem set to AA hooked to a Cisco Console Port)
> >>>
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: asterisk-users-bounces at lists.digium.com
> >>>> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of
> >>>> Lyle Giese
> >>>> Sent: Friday, July 22, 2011 8:07 PM
> >>>> To: asterisk-users at lists.digium.com
> >>>> Subject: Re: [asterisk-users] use dahdi for local terminal modem
> >>>> access?
> >>>>
> >>>> On 07/22/11 18:13, William Stillwell wrote:
> >>>>> I have some terminals that have phone lines.
> >>>>>
> >>>>> One of my techs had an idea of using IAXmodem or something similar to
> >>>>> use existing PRI/DAHDI Trunks for dial out via the asterisk/Linux
> >>>>> console.
> >>>>> Anybody ever heard of doing this?
> >>>>>
> >>>>> I would think maybe would use iaxmodem maybe and a shell terminal
> >>>>> app?
> >>>>> (basically I'm dialing into a remote access device that uses a pots
> >>>>> line for remote administration, and don't want to string a channel
> >>>>> bank off my asterisk box, and a hook to a modem)
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>> Depends on your expectation.  Because of compression in the codecs, it
> >>>> will be hard to get fast dialup.  If you mean ssh or telnet, it might
> >>>> work.  If you mean vnc or RDP over this, you may not get enough usable
> >>>> bandwidth to do that.
> >>>>
> >>>> Given this, I have in an emergency dialed into a RAS server via a VoIP
> >>>> line. My laptop connected at 14,400bps.  All I needed to do was telnet
> >>>> into an APC masterswitch to toggle power on one outlet.  It worked.
> >>>>
> >>>> I was surprised at getting a 14,400bps connect.  I was not expecting
> >>>> that high and really did not need that high.  300 baud probably would
> >>>> have been fast enough to telnet into an APC masterswitch.
> >>>>
> >>>> Lyle Giese
> >>>> LCR Computer Services, Inc.
> >>>>
> >>>> --
> >>>> _____________________________________________________________________
> >>>> -- Bandwidth and Colocation Provided by
> >>>> http://www.api-digital.com --
> >>>> New to Asterisk? Join us for a live introductory webinar every
> >>>> Thurs:
> >>>>                  http://www.asterisk.org/hello
> >>>>
> >>>> asterisk-users mailing list
> >>>> To UNSUBSCRIBE or update options visit:
> >>>>      http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>
> >>
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 2
> >> Date: Sat, 23 Jul 2011 14:30:42 +0000
> >> From: Armand Fumal <af at cybernet.lu>
> >> Subject: [asterisk-users] dialplan pattern help
> >> To: "asterisk-users at lists.digium.com"
> >>         <asterisk-users at lists.digium.com>
> >> Message-ID:
> >>         <2584E1ABC3629C4D85A61B8DC4D27297096F1432 at EXCHANGELU.lu.cybernet.local>
> >>
> >> Content-Type: text/plain; charset="us-ascii"
> >>
> >> Hi all,
> >>
> >> I need help making a pattern for a special case for which I can't
> >> find the solution.
> >>
> >> In my case I want to match these in one pattern:
> >>
> >> This is the same ext that can come in 4 cases
> >>
> >> exten => _42704701,1,Macro(dialfax,${EXTEN:-8})      ; case with 42704701
> >> exten => _X42704701,1,Macro(dialfax,${EXTEN:-8})     ; case with 042704701
> >> exten => _XXXX42704701,1,Macro(dialfax,${EXTEN:-8})  ; case with +3242704701
> >> exten => _XXX42704701,1,Macro(dialfax,${EXTEN:-8})   ; case with 3242704701
> >>
> >> I have tried _.42704701 but the parser stops checking after the point
> >> "."    :-(
> >>
> >> So do you have any suggestions?
> >>
> >> Regards
> >>
> >> Armand Fumal
> >>
> >>
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 3
> >> Date: Sat, 23 Jul 2011 17:48:44 +0200
> >> From: Patrick Lists <asterisk-list at puzzled.xs4all.nl>
> >> Subject: Re: [asterisk-users] Securing Asterisk - How to avoid
> >>         sending, "SIP/2.0 603 Declined"
> >> To: Asterisk Users Mailing List - Non-Commercial Discussion
> >>         <asterisk-users at lists.digium.com>
> >> Message-ID: <4E2AED5C.9080901 at puzzled.xs4all.nl>
> >> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >>
> >> On 07/23/2011 04:00 PM, Paul Belanger wrote:
> >>> A UAS rejecting an offer contained in an INVITE SHOULD return a 488
> >>> (Not Acceptable Here) response. Such a response SHOULD include a
> >>> Warning header field value explaining why the offer was rejected.
> >> If the choice is to get hacked/DDOS'ed/etc or compliance with an RFC
> >> created by people who had no appreciation for the rather ugly world out
> >> there then why not throw the RFC out of the window and *not* reject an
> >> invite with a 488? It sounds like an interesting option to add to
> >> "10"/trunk. Better secure than compliant & sorry. Why not do a little
> >> Microsoft Embrace & Extend? Like e.g. Sonus and Cisco do with their
> >> interpretation of SIP.
> >>
> >> Regards,
> >> Patrick
> >>
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 4
> >> Date: Sat, 23 Jul 2011 12:07:49 -0400
> >> From: Paul Belanger <pabelanger at digium.com>
> >> Subject: Re: [asterisk-users] Securing Asterisk - How to avoid
> >>         sending, "SIP/2.0 603 Declined"
> >> To: asterisk-users at lists.digium.com
> >> Message-ID: <4E2AF1D5.80305 at digium.com>
> >> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >>
> >> On 11-07-23 11:48 AM, Patrick Lists wrote:
> >>> On 07/23/2011 04:00 PM, Paul Belanger wrote:
> >>>> A UAS rejecting an offer contained in an INVITE SHOULD return a 488
> >>>> (Not Acceptable Here) response. Such a response SHOULD include a
> >>>> Warning header field value explaining why the offer was rejected.
> >>> If the choice is to get hacked/DDOS'ed/etc or compliance with an RFC
> >>> created by people who had no appreciation for the rather ugly world out
> >>> there then why not throw the RFC out of the window and *not* reject an
> >>> invite with a 488? It sounds like an interesting option to add to
> >>> "10"/trunk. Better secure than compliant & sorry. Why not do a little
> >>> Microsoft Embrace & Extend? Like e.g. Sonus and Cisco do with their
> >>> interpretation of SIP.
> >>>
> >> Personally, I don't see this as a solution.  SIP already provides some
> >> ability to help with security (EG: TLS, SRTP) however that is basically
> >> the extent of it.
> >>
> >> The way I see it, it is outside the scope of SIP; it's a signaling
> >> protocol. If 'security' is really something you want to establish, many
> >> existing tools are available to handle this (EG: VPN, firewalls,
> >> encryption, etc).
> >>
> >> As previously mentioned, there is no easy, simple solution.  Securing
> >> one's services takes work (and time) to do it right.  Most people don't
> >> want to spend the effort monitoring it.
> >>
> >> --
> >> Paul Belanger
> >> Digium, Inc. | Software Developer
> >> twitter: pabelanger | IRC: pabelanger (Freenode)
> >> Check us out at: http://digium.com & http://asterisk.org
> >>
> >>
> >>
> >> ------------------------------
> >>
> >> _______________________________________________
> >> --Bandwidth and Colocation Provided by
> >> http://www.api-digital.com--
> >>
> >> AstriCon 2010 - October 26-28 Washington, DC
> >> Register Now: http://www.astricon.net/
> >>
> >> asterisk-users mailing list
> >> To UNSUBSCRIBE or update options visit:
> >>    http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> >> End of asterisk-users Digest, Vol 84, Issue 44
> >> **********************************************
> >>
> 
> 
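
The "ban after 3 tries" rule and the shared ban list discussed in this thread, as an added example (not code from any poster, fail2ban or OSSEC). It counts failed registrations per source address in constructed log lines modelled on chan_sip NOTICE messages; a plain dict stands in for the shared store (Memcached in the design described above), and the thresholds, function names and addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines modelled on chan_sip NOTICE messages; every value is made up.
NODE_A_LOG = """\
[2011-07-23 11:38:01] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@198.51.100.10>' failed for '203.0.113.5' - Wrong password
[2011-07-23 11:38:02] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@198.51.100.10>' failed for '203.0.113.5:5071' - No matching peer found
[2011-07-23 11:38:03] NOTICE[2211] chan_sip.c: Registration from '"102" <sip:102@198.51.100.10>' failed for '203.0.113.5' - Wrong password
[2011-07-23 11:40:00] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@198.51.100.10>' failed for '198.51.100.77' - Wrong password
[2011-07-23 11:55:00] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@198.51.100.10>' failed for '198.51.100.77' - Wrong password
[2011-07-23 11:56:00] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@198.51.100.10>' failed for '198.51.100.77' - Wrong password
"""
NODE_B_LOG = """\
[2011-07-23 11:39:00] NOTICE[901] chan_sip.c: Registration from '"100" <sip:100@198.51.100.20>' failed for '203.0.113.5' - Wrong password
"""

# Anchored at both ends so text inside the From header cannot be taken for the source address.
FAILED = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - "
    r"(?:Wrong password|No matching peer found)$")
MAX_TRIES = 3                    # assumed threshold ("3 tries")
WINDOW = timedelta(minutes=10)   # assumed counting window
BAN_TIME = timedelta(hours=1)    # assumed ban duration

def scan(lines, shared_bans):
    """Add {ip: expiry} to shared_bans for each IP with MAX_TRIES failures inside WINDOW."""
    recent = defaultdict(deque)
    for line in lines:           # lines are assumed to be in chronological order
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"]
        if shared_bans.get(ip, datetime.min) > ts:
            continue             # already banned, possibly by another node
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()          # forget failures older than the window
        if len(q) >= MAX_TRIES:
            shared_bans[ip] = ts + BAN_TIME
            q.clear()
    return shared_bans

def active_bans(shared_bans, now):
    """Addresses each node should currently drop at its firewall."""
    return sorted(ip for ip, expiry in shared_bans.items() if expiry > now)
```

Each node calls `scan` on its own log with the same ban table, so an address banned by one server is dropped by the others before it reaches their threshold.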


