[asterisk-users] Someone has hacked into our system
Gary Kuznitz
docfxit at theoffice.la
Wed Nov 24 13:47:57 CST 2010
Thank you for the reply.
On 23 Nov 2010 at 18:51, John (John Novack <jnovack at stromberg-carlson.org>)
commented about Re: [asterisk-users] Someone has hacked into our :
>
>
> Gary Kuznitz wrote:
> > Thank you for the reply...
> >
> > Comments below...
> > On 22 Nov 2010 at 17:23, Tilghman (Tilghman Lesher<asterisk-
> > users at lists.digium.com>) commented about Re: [asterisk-users] Someone has hacked
> > into our :
> >
> >
> >> On Monday 22 November 2010 17:10:31 Gary Kuznitz wrote:
> >>
> >>> I have the log now. I'd like to know what to look for in trying to figure
> >>> out how the calls are getting originated. I'd be happy to share all the
> >>> information. I just don't want to post information on this public list that
> >>> might show other people how to get in to our box.
> >>>
> >> allowguest=yes in sip.conf, with a context= in the [general] section that
> >> is permitted to make outbound calls?
> >>
> > I'm trying to understand exactly what this means.
> >
> > I found a sip.conf in /etc/asterisk
> > I have a [general] section.
> > I don't have allowguest=yes. Is that good or am I supposed to have it?
> >
> I believe what you SHOULD have is;
> allowguest=no
> Not sure if that is the default behavior or not
> > If I'm supposed to have it can it go any place in the [general] section?
> > I have in the [general] section a line with:
> > context = default
> > Is this where I would remove default and enter the IP addresses that are allowed to
> > make calls?
> >
> Your default context in extensions.conf should basically lead nowhere.
> I have mine set up to play an insane laugh then hangup
> Probably safe to say NEVER use context default for any outbound calling
I don't have any context in extensions.conf
I do have context = default in sip.conf
Should I remove that line?
Could you give me an example of what you have in your extensions.conf?
Thank you,
Gary Kuznitz
>
> You should also have, in general:
>
> alwaysauthreject=yes
> This seems pretty effective in stopping some hacking
> These are simple fixes.
> I will let others comment on other more detailed firewalling
>
> John Novack
>
> > What would a line with IP address look like? Could you give me an example?
> > If that isn't where the IP addresses that are allowed are supposed to be, where would I put
> > them?
> >
> > Thank you,
> >
> > Gary Kuznitz
> >
> >
> >> Just a guess, but there have been
> >> more than a few such discussions on the list about that configuration, plus
> >> a README-SERIOUSLY.bestpractices.txt in the root directory of every Asterisk
> >> source tree. You DID read that file, right?
> >>
> >> --
> >> Tilghman Lesher
> >> Digium, Inc. | Senior Software Developer
> >> twitter: Corydon76 | IRC: Corydon76-dig (Freenode)
> >> Check us out at: www.digium.com & www.asterisk.org
> >>
> >
> >
> >
>
> --
>
> Dog is my Co-pilot
>
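
As an added illustration of the settings discussed in this thread (not code from any poster or from the Asterisk project), the following Python audit reads sip.conf and extensions.conf text and reports whether unauthenticated callers can reach a Dial(). It assumes chan_sip treats a missing allowguest as yes and a missing context as default; the sample configs, the context names outbound and guest-deadend, and the SIP/trunk peer are constructed.

```python
import re
# Constructed sample configs (not taken from the system in this thread).
WEAK_SIP = "[general]\ncontext = default\n"
WEAK_EXT = """[default]
include => outbound
[outbound]
exten => _9.,1,Dial(SIP/trunk/${EXTEN:1})
"""
HARD_SIP = "[general]\nallowguest=no\nalwaysauthreject=yes\ncontext=guest-deadend\n"
HARD_EXT = "[guest-deadend]\nexten => _X.,1,Hangup()\n"

def parse_conf(text):
    """Parse Asterisk-style config text into {section: [(key, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()       # ';' starts a comment
        m = re.match(r"\[([^\]]+)\]", line)       # also matches [name](template)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)       # handles both '=' and '=>'
            current.append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def can_dial(dialplan, context, seen=None):
    """True if the context, or any context it includes, runs Dial()."""
    seen = set() if seen is None else seen
    if context in seen or context not in dialplan:
        return False
    seen.add(context)
    for key, value in dialplan[context]:
        if key in ("exten", "same") and re.search(r"\bDial\(", value, re.I):
            return True
        if key == "include" and can_dial(dialplan, value, seen):
            return True
    return False

def audit(sip_text, ext_text):
    general = dict(parse_conf(sip_text).get("general", []))
    findings = []
    # Assumption: a missing allowguest means yes, a missing context means default.
    guest_ok = general.get("allowguest", "yes").lower() != "no"
    ctx = general.get("context", "default")
    if guest_ok:
        findings.append("allowguest is not 'no': guest calls are accepted")
        if can_dial(parse_conf(ext_text), ctx):
            findings.append(f"guest context [{ctx}] can reach Dial()")
    if general.get("alwaysauthreject", "").lower() != "yes":
        findings.append("alwaysauthreject=yes is not set explicitly")
    return findings
```

Calling `audit(WEAK_SIP, WEAK_EXT)` returns three findings, while `audit(HARD_SIP, HARD_EXT)` returns none.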