[asterisk-users] How to stop intruder from registering sip?

Martin asterisklist at callthem.info
Fri Jun 11 20:42:32 CDT 2010


if you know IP then ban with iptables

iptables -A INPUT -s IP -j REJECT

Martin

On Fri, Jun 11, 2010 at 8:41 PM, Martin <asterisklist at callthem.info> wrote:
> When will you people learn ... you set the secret=0000
> and it's one of the many frequent passwords most people sets out of
> being lazy ...
>
> that simply says ... guess my password and call through my pbx for free ...
>
> so again ...
>
> 1) bad people scan extensions 100-199 and 1000-9999 trying to guess
> your password
> if you were nice enough to set it within a known statistical easy guess
>
> 2) either use complicated passwords and sip accounts other than
> 100-199 1000-9999 or install the fail2ban
>
> Martin
>
> On Fri, Jun 11, 2010 at 4:55 PM, sean darcy <seandarcy2 at gmail.com> wrote:
>> This is a small 12 line system, internal extensions 150 - 180. I didn't
>> have a phone on 151. Here's the sip.conf stanza:
>>
>> ;;[151]
>> ;;type=friend
>> ;;context=longdistance
>> ;;callerid="Conf Room" <151>
>> ;;secret=0000
>> ;;host=dynamic
>> ;;qualify=yes
>> ;;dtmfmode=rfc2833
>> ;;allow=all
>> ;;defaultuser=151
>> ;;nat=yes
>> ;;canreinvite=no
>>
>> There's no DISA. And then somehow (how???) ip address 79.117.17.247
>> becomes extension 151 and starts making calls to West Africa.
>>
>> Now contactdeny and contactpermit over solve the problem. For instance,
>> I can't register with my voip provider. I don't care about peers who I
>> make calls to, or receive calls from. I'm just stunned someone can
>> become a peer and make calls themselves.
>>
>> How do I fix this in some reasonable way.
>>
>> sean
>>
>> [Jun 10 15:51:19] VERBOSE[1662] chan_sip.c:     -- Registered SIP '151'
>> at 79.117.17.247 port 5060
>> [Jun 10 15:51:20] NOTICE[1662] chan_sip.c: Peer '151' is now Reachable.
>> (161ms / 2000ms)
>> [Jun 10 15:51:20] NOTICE[1662] chan_sip.c: Received SIP subscribe for
>> peer without mailbox: 151
>> [Jun 10 15:51:21] VERBOSE[1662] netsock.c:   == Using SIP RTP TOS bits 184
>> [Jun 10 15:51:21] VERBOSE[1662] netsock.c:   == Using SIP RTP CoS mark 5
>> [Jun 10 15:51:21] VERBOSE[1662] netsock.c:   == Using SIP VRTP CoS mark 6
>> [Jun 10 15:51:21] VERBOSE[1662] netsock.c:   == Using UDPTL TOS bits 184
>> [Jun 10 15:51:21] VERBOSE[1662] netsock.c:   == Using UDPTL CoS mark 5
>> [Jun 10 15:51:22] VERBOSE[4780] pbx.c:     -- Executing
>> [01125240212154 at longdistance:1] Answer("SIP/151-000000ae", "") in new stack
>> [Jun 10 15:51:22] VERBOSE[4780] pbx.c:     -- Executing
>> [01125240212154 at longdistance:2] Gosub("SIP/151-000000ae",
>> "DialOut,s,1(01125240212154
>> ,DAHDI/g0)") in new stack
>> .........
>> [Jun 10 15:51:22] VERBOSE[4780] pbx.c:     -- Executing [s at DialOut:9]
>> Dial("SIP/151-000000ae", "DAHDI/g0/01125240212154") in new stack
>> [Jun 10 15:51:22] VERBOSE[4780] chan_dahdi.c:     -- Requested transfer
>> capability: 0x00 - SPEECH
>> [Jun 10 15:51:22] VERBOSE[4780] app_dial.c:     -- Called g0/01125240212154
>> [Jun 10 15:51:22] VERBOSE[4780] app_dial.c:     -- DAHDI/2-1 is
>> proceeding passing it to SIP/151-000000ae
>> [Jun 10 15:51:23] VERBOSE[4780] app_dial.c:     -- DAHDI/2-1 is making
>> progress passing it to SIP/151-000000ae
>> [Jun 10 15:51:23] VERBOSE[4780] app_dial.c:     -- DAHDI/2-1 is making
>> progress passing it to SIP/151-000000ae
>> [Jun 10 15:51:25] VERBOSE[4780] app_dial.c:     -- SIP/151-000000ae
>> requested special control 16, passing it to DAHDI/2-1
>> [Jun 10 15:51:25] VERBOSE[4780] channel.c:     -- Music class default
>> requested but no musiconhold loaded.
>> [Jun 10 15:51:25] VERBOSE[4780] app_dial.c:     -- SIP/151-000000ae
>> requested special control 20, passing it to DAHDI/2-1
>>
>>
>>
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>               http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>



More information about the asterisk-users mailing list