[asterisk-users] Someone has hacked into our system

John Novack jnovack at stromberg-carlson.org
Tue Nov 23 17:51:37 CST 2010



Gary Kuznitz wrote:
> Thank you for the reply...
>
> Comments below...
> On 22 Nov 2010 at 17:23, Tilghman (Tilghman Lesher<asterisk-
> users at lists.digium.com>) commented about Re: [asterisk-users] Someone has hacked
> into our :
>
>    
>> On Monday 22 November 2010 17:10:31 Gary Kuznitz wrote:
>>      
>>> I have the log now. I'd like to know what to look for in trying to figure
>>> out how the calls are getting originated. I'd be happy to share all the
>>> information. I just don't want to post information on this public list that
>>> might show other people how to get in to our box.
>>>        
>> allowguest=yes in sip.conf, with a context= in the [general] section that
>> is permitted to make outbound calls?
>>      
> I'm trying to understand exactly what this means.
>
> I found a sip.conf in /etc/asterisk
> I have a [general] section.
> I don't have allowguest=yes.  Is that good or am I supposed to have it?
>    
I believe what you SHOULD have is:
allowguest=no
Not sure if that is the default behavior or not.
> If I'm supposed to have it can it go any place in the [general] section?
> I have in the [general] section a line with:
> context = default
> Is this where I would remove default and enter the IP addresses that are allowed to
> make calls?
>    
Your default context in extensions.conf should basically lead nowhere.
I have mine set up to play an insane laugh, then hang up.
Probably safe to say NEVER use context default for any outbound calling.

You should also have, in general:

alwaysauthreject=yes
This seems pretty effective in stopping some hacking
These are simple fixes.
I will let others comment on other more detailed firewalling

John Novack

> What would a line with IP address look like?  Could you give me an example?
> If that isn't where the IP address that are allowed supposed to be where would I put
> them?
>
> Thank you,
>
> Gary Kuznitz
>
>    
>> Just a guess, but there have been
>> more than a few such discussions on the list about that configuration, plus
>> a README-SERIOUSLY.bestpractices.txt in the root directory of every Asterisk
>> source tree.  You DID read that file, right?
>>
>> -- 
>> Tilghman Lesher
>> Digium, Inc. | Senior Software Developer
>> twitter: Corydon76 | IRC: Corydon76-dig (Freenode)
>> Check us out at: www.digium.com & www.asterisk.org
>>

-- 

Dog is my Co-pilot
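
An added example, not part of the original thread or of Asterisk itself: a small Python check for the sip.conf and extensions.conf settings discussed above. The config snippets, the trunk name and the sound file name are constructed; treating an unset option as not hardened, and falling back to context "default" when none is set, are assumptions of this sketch.

```python
import re

def parse_conf(text):
    """Parse Asterisk-style config text into {section: [(key, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        m = re.match(r"\[([^\]]+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)      # handles both '=' and '=>'
            current.append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def audit(sip_text, ext_text):
    """Return a list of findings for the settings discussed in the thread."""
    general = dict(parse_conf(sip_text).get("general", []))
    findings = []
    if general.get("allowguest", "").lower() != "no":
        findings.append("allowguest is not explicitly 'no'")
    if general.get("alwaysauthreject", "").lower() != "yes":
        findings.append("alwaysauthreject is not explicitly 'yes'")
    ctx = general.get("context", "default")      # assumption: unset means 'default'
    # The context unauthenticated callers land in should lead nowhere:
    # flag any Dial() or include that gives it a path to other call logic.
    for key, value in parse_conf(ext_text).get(ctx, []):
        if key == "include" or re.search(r"\bDial\s*\(", value, re.I):
            findings.append(f"[{ctx}] can reach a call path: {key} => {value}")
    return findings

# Constructed sample configs (not taken from the poster's system).
SIP_WEAK = "[general]\ncontext = default\nbindport = 5060\n"
EXT_WEAK = "[default]\nexten => _X.,1,Dial(SIP/trunk/${EXTEN})\n"
SIP_HARD = "[general]\nallowguest = no\nalwaysauthreject = yes\ncontext = default\n"
EXT_HARD = ("[default]\n"
            "exten => _X.,1,Playback(laugh)   ; constructed sound file name\n"
            "exten => _X.,n,Hangup()\n")

if __name__ == "__main__":
    for name, sip, ext in (("weak", SIP_WEAK, EXT_WEAK), ("hardened", SIP_HARD, EXT_HARD)):
        print(name, audit(sip, ext) or "no findings")
```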



