<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Our provisioning servers listen on a
high numbered port. We generally don't have any issues with
scanning...</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Cheers,</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">j<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 6/18/19 7:18 AM, John Runyon wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CADCiM6tLTGqO8w2tE2SEBy73woxVDiOwwt624CjsbN-3tAxnFg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="auto">Just to jump in on this, this just started
happening to our system a couple days ago. (To the tune of 3GB
of webserver access logs yesterday)
<div dir="auto">Our server gives them a 403 for /yealink/ (and a
404 for everything else) - given that they're still trying to
bruteforce it, it looks like I'm gonna be changing it to give
them a 404.<br>
<div dir="auto">Looks like someone's making a big effort to
find provisioning files though.</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Jun 17, 2019, 13:35
John Kiniston <<a href="mailto:johnkiniston@gmail.com"
moz-do-not-send="true">johnkiniston@gmail.com</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>
<div>
<div>
<div dir="ltr"><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sun,
Jun 16, 2019 at 3:37 PM John T. Bittner
<<a href="mailto:john@xaccel.net"
target="_blank" rel="noreferrer"
moz-do-not-send="true">john@xaccel.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div
class="m_169053726736589130gmail-m_-1833021964774015584WordSection1">
<p class="MsoNormal">Anyone know how
someone can hack an asterisk box
and register with every single
account on the box.</p>
<p class="MsoNormal">This box only
has 3 accounts, with very complex
passwords. Have VoIP blacklist
setup and fail2ban…</p>
</div>
</div>
</blockquote>
</div>
<br>
</div>
I've seen this happen when web-based
provisioning is used, I have seen attempts to
download configuration files off of my
provisioning server increase in frequency over
the last two years.<br>
<br>
</div>
The 'Hacker' will do a get on /polycom /cisco
/yealink /aastra /mitel etc, If they get a valid
response they will start enumerating mac
addresses<br>
<br>
/polycom/0004F2018101.cfg<br>
/polycom/0004F2018102.cfg<br>
...<br>
</div>
/polycom/0004F2018109.cfg<br>
<br>
</div>
<div>Then they will use any credentials gained in
the download attack to place calls, registering as
needed.<br>
</div>
<div dir="ltr"><br>
</div>
</div>
</div>
</div>
</div>
</div>
-- <br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a
href="http://www.api-digital.com" rel="noreferrer
noreferrer" target="_blank" moz-do-not-send="true">http://www.api-digital.com</a>
--<br>
<br>
Check out the new Asterisk community forum at: <a
href="https://community.asterisk.org/" rel="noreferrer
noreferrer" target="_blank" moz-do-not-send="true">https://community.asterisk.org/</a><br>
<br>
New to Asterisk? Start here:<br>
<a
href="https://wiki.asterisk.org/wiki/display/AST/Getting+Started"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">https://wiki.asterisk.org/wiki/display/AST/Getting+Started</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a
href="http://lists.digium.com/mailman/listinfo/asterisk-users"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">http://lists.digium.com/mailman/listinfo/asterisk-users</a></blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
</blockquote>
<p><br>
</p>
</body>
</html>