[asterisk-dev] New Feature Idea
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Sun Sep 26 06:39:38 CDT 2010
On Sun, Sep 26, 2010 at 01:11:31PM +0200, Nir Simionovich wrote:
> Hi All,
>
> As some of you know, I'm currently involved in developing an Anti-Fraud
> system. I've recently analyzed an Asterisk hack that happened about 2
> weeks ago. The hack involved the hacking of the "asterisk-config" tool
> via an insecure website, then adding a new context with "NoCDR"
> application in it.
>
> This introduced a very interesting problem. Asterisk enables calls to
> traverse without CDRs being created whatsoever. I believe the NoCDR
> application should have a small config file indicating if no CDRs are
> created, or if only manager events of CDRs are sent out. If someone
> disables CDRs completely, then if they get hacked and there is no
> record, it's their responsibility - however, the default should
> generate manager events at least.

If one was able to update the dialplan, one would also be able to update
nocdr.conf or whatever.

> If you then go about and connect an external system, at least that one
> should have some visibility of it.

The call would also appear in your logs if you're verbose enough.

> What do you think?

If someone has broken into a system, that someone has direct access to
the CDR records anyway[*]

[*] Granting the asterisk user only 'CREATE' permission and not
'UPDATE'/'DELETE' does help here, though.

--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
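
The compromise described in the quoted message added a dialplan context that calls `NoCDR`. As an added example (not part of the original thread and not Asterisk project code), this Python script audits dialplan text for such calls so an external monitor can flag them; the sample dialplan and the function name `find_nocdr` are constructed for illustration.

```python
import re

# Constructed sample dialplan (not from the thread): one ordinary context and
# one context of the kind described above, which calls NoCDR() before dialing.
SAMPLE_DIALPLAN = """\
[from-internal]
exten => _X.,1,Dial(SIP/trunk/${EXTEN})
same => n,Hangup()

[maint] ; hypothetical injected context
exten => _00X.,1,NoCDR()
same => n,Dial(SIP/trunk/${EXTEN})
; exten => s,1,NoCDR() is commented out and must not be reported
"""

COMMENT_RE = re.compile(r"(?<!\\);")            # ';' starts a comment unless escaped
CONTEXT_RE = re.compile(r"^\[([^\]]+)\]")       # [context-name]
STEP_RE = re.compile(r"^(exten|same)\s*=>?", re.I)
# NoCDR as the application field, with or without parentheses, any letter case.
NOCDR_RE = re.compile(r",\s*NoCDR\s*(\(|$)", re.I)


def find_nocdr(dialplan_text):
    """Return (line_number, context, statement) for every NoCDR call."""
    hits, context = [], None
    for lineno, raw in enumerate(dialplan_text.splitlines(), 1):
        line = COMMENT_RE.split(raw, 1)[0].strip()
        if not line:
            continue                              # blank or comment-only line
        m = CONTEXT_RE.match(line)
        if m:
            context = m.group(1)                  # entering a new context
            continue
        if STEP_RE.match(line) and NOCDR_RE.search(line):
            hits.append((lineno, context, line))
    return hits


if __name__ == "__main__":
    for lineno, context, stmt in find_nocdr(SAMPLE_DIALPLAN):
        print(f"line {lineno}: context [{context}] disables CDR: {stmt}")
```

Run it from a host or account the Asterisk user cannot write to, since, as the reply notes, whoever can edit the dialplan can edit anything else that user owns.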