[asterisk-users] Unregistred users can pass calls, peer being static
Administrator TOOTAI
admin at tootai.net
Wed Jan 27 04:47:13 CST 2010
Hi,
we had an attack on a server and we don't understand how it was
possible, Asterisk 1.4.28/Debian Lenny 5.1 Attacker came from PALTEL,
network 188.161.128.0/18
Hacked account had following setup:
[111]
type=friend
username=111
context=from-111
host=11.22.33.44
dtmfmode=auto
qualify=yes
nat=yes
canreinvite=no
defaultip=11.22.33.44
port=35060
disallow=all
allow=ulaw,alaw
call-limit=2
Despite this, I saw in my logs that someone hacked this account and
could place calls! in logs we have:
[Jan 27 04:00:13] ERROR[29715] chan_sip.c: Peer '111' is trying to
register, but not configured as host=dynamic
[Jan 27 04:00:13] NOTICE[29715] chan_sip.c: Registration from
'<sip:111 at ourAsteriskIP>' failed for '188.161.152.245' - Peer is not
supposed to register
[Jan 27 04:00:18] VERBOSE[30669] logger.c: -- Executing
[972599400749 at from-111:1] NoOp("SIP/111-000016eb", "Incoming call from
AAAA") in new stack
As you see 111 could place a call even having not registered, which he
is not supposed to do.
How is this possible?
--
Daniel
More information about the asterisk-users
mailing list