[asterisk-users] Someone has hacked into our system

Adrian Marsh Adrian.Marsh at ubiquisys.com
Thu Nov 25 11:33:25 CST 2010


Hi Gary,

I went through this process a few times over the past few years.

There are a few short guides for securing Asterisk, but much of it depends
on your design.  If it's a traditional POTS-type PBX then locking down
IPs using firewalls is a great thing; however, if you make use of
inbound SIP calls from end-user PC clients on the Internet then that's
not always possible.

So here are my recommendations:

1) Change the default context name to something like "publicinbound".

2) Create a context called publicinbound that does basically nothing.

3) Set up a different context for a peer or friend, IAX or SIP, or
whatever. That way you can see which connection the hackers are coming in
from.

4) If you don't want to firewall off the whole internet, then at least
make use of fail2ban - it's a free scripted addon that watches for
hacking attempts and firewalls them off.

5) Really, really long passwords and usernames - this one's pretty key.
My first task was in going through and understanding where all the
passwords were and changing them.  I now make mine completely random and
a min of 30 chars.

6) IP restrictions. If a peer or user does have a fixed IP, then define
it in the appropriate config file.

7) The alwaysauthreject is good.. helps fumble the hackers.

Thanks,

Adrian
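
An added example, not part of Adrian's message and not Asterisk project code: a small Python audit of a chan_sip-style sip.conf against items 1-3 and 5-7 of the list above. The sample config, the finding labels, treating an unset [general] context as the stock "default" context, and flagging every entry without a permit= line are assumptions made for illustration.

```python
MIN_SECRET_LEN = 30  # the post's "min of 30 chars"
# Constructed sample sip.conf for illustration; not taken from the post.
SAMPLE_SIP_CONF = """\
[general]
context=default          ; stock context name still in use
alwaysauthreject=no
[office-trunk]
type=peer
host=192.0.2.10
context=from-office-trunk
secret=Zq7mX2pLr9Vt4KcY8bNw3HsD6fGj1TaQe5
deny=0.0.0.0/0.0.0.0
permit=192.0.2.10/255.255.255.255
[1001]
type=friend
host=dynamic
secret=1001
"""

def parse_conf(text):  # minimal reader: [section], key=value, ';' comments
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit(text):
    # Returns (section, finding) pairs; item numbers refer to the post's list.
    sections = parse_conf(text)
    general = sections.pop("general", {})
    guest_ctx = general.get("context", "default")  # assumed fallback name
    findings = []
    if guest_ctx == "default":
        findings.append(("general", "default-context"))           # items 1-2
    if general.get("alwaysauthreject", "").lower() != "yes":
        findings.append(("general", "alwaysauthreject-not-yes"))  # item 7
    peers = {n: o for n, o in sections.items() if "type" in o}
    for name, opts in peers.items():
        if opts.get("context", guest_ctx) == guest_ctx:
            findings.append((name, "shares-guest-context"))       # item 3
        if len(opts.get("secret", "")) < MIN_SECRET_LEN:
            findings.append((name, "short-secret"))               # item 5
        if "permit" not in opts:
            findings.append((name, "no-permit-acl"))              # item 6
    return findings
```

Calling `audit(SAMPLE_SIP_CONF)` returns the general-section and `1001` findings; a `no-permit-acl` result on a genuinely roaming client is a review item rather than a defect, since item 6 only applies where the peer has a fixed IP.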

 

 

 
