[asterisk-users] Attempted break in ?
--[ UxBoD ]--
uxbod at splatnix.net
Mon Jan 11 07:26:25 CST 2010
----- "Robert Lister" <robl at lentil.org> wrote:
| On Mon, 2010-01-11 at 10:45 +0000, --[ UxBoD ]-- wrote:
| > Hi,
| >
| > I am starting to see a lot of these:
| >
| > [Jan 10 01:18:56] NOTICE[5627] chan_sip.c: Call from '' to extension
| '33155786056' rejected because extension not found.
| > [Jan 10 01:52:47] NOTICE[5627] chan_sip.c: Call from '' to extension
| '033155786056' rejected because extension not found.
| > [Jan 10 02:26:36] NOTICE[5627] chan_sip.c: Call from '' to extension
| '0#33155786056' rejected because extension not found.
|
| Yes, looks like it. Make sure that your sip.conf "context=" default
| context points to a context that cannot make external calls.
|
| (Or, if your asterisk box does not need to accept connections from
| anyone externally then restrict what can connect to it with firewall
| rules or an access-list.)
|
| Although I had locked down the SIP config already, I was almost
| caught
| out recently by one of these attackers, where somebody was trying to
| make calls over *H323* as that ALSO has a 'default' context similar
| to
| sip.conf (although the calls did not succeed because before an
| outbound
| call is placed, we check the caller ID is within an expected range,
| in
| order to set the correct outbound CLI, but were that check not in
| place,
| then it probably would have succeeded.)
|
| H323 seemed to be enabled by default, so I just disabled the H.323
| module as we do not use it.
|
|
| Rob
|
|
|
|
| --
| _____________________________________________________________________
| -- Bandwidth and Colocation Provided by http://www.api-digital.com --
|
| asterisk-users mailing list
| To UNSUBSCRIBE or update options visit:
| http://lists.digium.com/mailman/listinfo/asterisk-users
Naughty people ;) yeah inbound SIP context is locked down.
--
Thanks - Phil
More information about the asterisk-users
mailing list