<html><head><meta http-equiv="Content-Security-Policy" content="script-src 'self'; img-src * cid: data:;"><style id="outgoing-font-settings">#response_container_BBPPID{font-family: initial; font-size:initial; color: initial;}</style></head><body style="background-color: rgb(255, 255, 255); background-image: initial; line-height: initial;"><div id="response_container_BBPPID" style="outline:none;" dir="auto" contenteditable="false">
<div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;">John,</div>
<div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;"><br></div>
<div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;">There are a lot of factors at play. For instance, are you using a GUI that has a known vuln? Is there MySQL running on the box with a simple password? Perhaps they didn't hack your PBX, but they compromised a SIP phone and, once they had the credentials, they made calls? Do you have a provisioning system?</div>
<div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;"><br></div>
<div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;">We have seen all of the above.
Most of the compromises we are seeing these days are either via a provisioning server or phones that are accessible on the internet with weak passwords.</div>
<div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;"><br></div>
<div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;"><br></div>
<div name="BB10" id="response_div_spacer_BBPPID" dir="auto" style="width:100%;"> <br style="display:initial"></div>
<div id="blackberry_signature_BBPPID" name="BB10" dir="auto"> <div id="_signaturePlaceholder_BBPPID" name="BB10" dir="auto"><p dir="ltr">Regards,</p><p dir="ltr">Dovid</p></div> </div></div>
<div id="_original_msg_header_BBPPID" dir="auto"> <table width="100%" style="background-color: white; border-spacing: 0px; display: table; outline: none;" contenteditable="false"><tbody><tr><td colspan="2" style="padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <div style="border-right: none; border-bottom: none; border-left: none; border-image: initial; border-top: 1pt solid rgb(181, 196, 223); padding: 3pt 0in 0in; font-family: Tahoma, 'BB Alpha Sans', 'Slate Pro'; font-size: 10pt;"> <div id="from"><b>From:</b> john@xaccel.net</div><div id="sent"><b>Sent:</b> June 16, 2019 18:37</div><div id="to"><b>To:</b> asterisk-users@lists.digium.com</div><div id="reply_to"><b>Reply-to:</b> asterisk-users@lists.digium.com</div><div id="subject"><b>Subject:</b> [asterisk-users] Hacking</div></div></td></tr></tbody></table> <br> </div><!--start of _originalContent --><div name="BB10" dir="auto" style="background-image: initial; line-height: initial; outline: none;" 
contenteditable="false"><div id="ssc141219"><style>#ssc141219 p.MsoNormal,#ssc141219 li.MsoNormal,#ssc141219 div.MsoNormal{margin: 0in;margin-bottom: 1.0E-4pt;font-size: 11pt;font-family: "Calibri", sans-serif;}#ssc141219 a:link,#ssc141219 span.MsoHyperlink{color: rgb(5, 99, 193);text-decoration: underline;}#ssc141219 a:visited,#ssc141219 span.MsoHyperlinkFollowed{color: rgb(149, 79, 114);text-decoration: underline;}#ssc141219 .MsoChpDefault{font-family: "Calibri", sans-serif;}#ssc141219 div.WordSection1{}</style><div><div class="WordSection1">
<p class="MsoNormal">Anyone know how someone can hack an Asterisk box and register with every single account on the box?</p>
<p class="MsoNormal">This box only has 3 accounts, with very complex passwords. Have VoIP blacklist set up and fail2ban…</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The hackers were able to make 2 calls to Cuba before my alerting system texted me.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I am running Asterisk 16.3 with PJSIP.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">This is my only box open to the outside world, a requirement for this one customer.</p>
<p class="MsoNormal">Looked into my logs… can't find anything out of the ordinary.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Any ideas?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">  Contact:  &lt;Aor/ContactUri..............................&gt; &lt;Hash....&gt; &lt;Status&gt; &lt;RTT(ms)..&gt;</p>
<p class="MsoNormal">==========================================================================================</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">  Contact:  12120001001/sip:12120001001@5.79.64.23:9227    ee80678930 NonQual         nan</p>
<p class="MsoNormal">  Contact:  848842405/sip:848842405@5.79.64.23:9227        031ed703ba NonQual         nan</p>
<p class="MsoNormal">  Contact:  848842405/sip:848842405@5.79.64.23:9227        031ed703ba NonQual         nan</p>
<p class="MsoNormal">  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227      959fc8fbf4 NonQual         nan</p>
<p class="MsoNormal">  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227      959fc8fbf4 NonQual         nan</p>
<p class="MsoNormal">  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228      d7bf838918 NonQual         nan</p>
<p class="MsoNormal">  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228      d7bf838918 NonQual         nan</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Any help is much appreciated.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">John Bittner</p>
<p class="MsoNormal">CTO</p>
<p class="MsoNormal">380 US Highway 46, Suite 500</p>
<p class="MsoNormal">Totowa, NJ 07512</p>
<p class="MsoNormal">Phone: <a href="tel:2018062602,2405">201.806.2602 x2405</a></p>
<p class="MsoNormal">Fax:       <a href="tel:2018062604">201.806.2604</a></p>
<p class="MsoNormal">Cell:       <a href="tel:9733901090">973.390.1090</a></p>
<p class="MsoNormal"><a href="http://www.xaccel.net/"><span style="color:blue">www.xaccel.net</span></a></p>
<p class="MsoNormal"> </p>
</div></div>
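<p>Added example, not part of either message in this thread: a check over a contact listing in the format quoted in the post (as printed by Asterisk's <code>pjsip show contacts</code>) that flags registrations from hosts outside an expected set and any single host holding contacts for several AORs, which is the pattern visible in the listing. The <code>ALLOWED</code> allowlist, its addresses and the function names are assumptions of this example.</p>

```python
import re
from collections import defaultdict

# Rows copied from the contact listing quoted in the post (one repeat kept on purpose).
SAMPLE = """\
  Contact:  <Aor/ContactUri..............................> <Hash....> <Status> <RTT(ms)..>
  Contact:  12120001001/sip:12120001001@5.79.64.23:9227    ee80678930 NonQual         nan
  Contact:  848842405/sip:848842405@5.79.64.23:9227        031ed703ba NonQual         nan
  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227      959fc8fbf4 NonQual         nan
  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227      959fc8fbf4 NonQual         nan
  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228      d7bf838918 NonQual         nan
"""

# Hypothetical allowlist (constructed addresses): AOR -> expected source hosts.
ALLOWED = {
    "12120001001": {"198.51.100.10"},
    "848842405": {"198.51.100.10"},
    "ghbhhm0000": {"198.51.100.11"},
}

# AOR / sip(s):[user@]host[:port][;params]  hash  status. IPv4 or hostname only.
ROW = re.compile(
    r"^[ \t]*Contact:[ \t]+(?P<aor>[^/\s<]+)/sips?:(?:[^@\s]+@)?"
    r"(?P<host>[^:;\s]+)(?::(?P<port>\d+))?\S*[ \t]+"
    r"(?P<hash>[0-9a-f]+)[ \t]+(?P<status>\S+)", re.M)

def parse_contacts(text):
    """Return unique (aor, host, port, status) rows; the header row does not match."""
    rows = []
    for m in ROW.finditer(text):
        row = (m["aor"], m["host"], int(m["port"] or 5060), m["status"])
        if row not in rows:
            rows.append(row)
    return rows

def audit(contacts, allowed):
    """Flag contacts from unexpected hosts and hosts that hold several AORs."""
    findings, by_host = [], defaultdict(set)
    for aor, host, port, _status in contacts:
        by_host[host].add(aor)
        if host not in allowed.get(aor, set()):
            findings.append(("unexpected-source", aor, f"{host}:{port}"))
    for host, aors in sorted(by_host.items()):
        if len(aors) > 1:
            findings.append(("shared-source", host, sorted(aors)))
    return findings
if __name__ == "__main__":
    for finding in audit(parse_contacts(SAMPLE), ALLOWED):
        print(finding)
```

<p>A "shared-source" finding shows that one host holds registrations for several accounts; it does not show how the credentials were obtained, which is the question the reply above raises.</p>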
</div><!--end of _originalContent --></div></body></html>