[asterisk-users] Attempted break in ?
Robert Lister
robl at lentil.org
Mon Jan 11 07:12:47 CST 2010
On Mon, 2010-01-11 at 10:45 +0000, --[ UxBoD ]-- wrote:
> Hi,
>
> I am starting to see a lot of these:
>
> [Jan 10 01:18:56] NOTICE[5627] chan_sip.c: Call from '' to extension '33155786056' rejected because extension not found.
> [Jan 10 01:52:47] NOTICE[5627] chan_sip.c: Call from '' to extension '033155786056' rejected because extension not found.
> [Jan 10 02:26:36] NOTICE[5627] chan_sip.c: Call from '' to extension '0#33155786056' rejected because extension not found.
Yes, looks like it. Make sure that your sip.conf "context=" default
context points to a context that cannot make external calls.
(Or, if your asterisk box does not need to accept connections from
anyone externally then restrict what can connect to it with firewall
rules or an access-list.)
Although I had locked down the SIP config already, I was almost caught
out recently by one of these attackers, where somebody was trying to
make calls over *H323* as that ALSO has a 'default' context similar to
sip.conf (although the calls did not succeed because before an outbound
call is placed, we check the caller ID is within an expected range, in
order to set the correct outbound CLI, but were that check not in place,
then it probably would have succeeded.)
H323 seemed to be enabled by default, so I just disabled the H.323
module as we do not use it.
Rob
More information about the asterisk-users
mailing list