[asterisk-users] Sip Registration Hijacking
eherr
email.eherr9633 at gmail.com
Wed Jan 25 08:06:28 CST 2012
I appreciate your 2-cents worth.
However, I do not believe they have access to the machine.
If so, they are clever to create three failures in the logs for my benefit before entering the correct one for hijacking.
Additionally, I have a lot of sip extensions to hijack and he keeps going for the same one.
I was hoping this was something with the MP-118 and someone experienced the same thing with that device.
Either way, I posed two questions which are still unanswered and probably I will never get answered:
1 - Is this a vulnerability in the MP-118?
2 - What method could they possibly be using to hijack a number-alpha extension, which is creative to begin with, i.e. 203-Joes_Insurance_Service, with an openssl-generated password of 12 characters?
Thanks,
--E
From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Larry Moore
Sent: Saturday, January 21, 2012 1:34 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Sip Registration Hijacking
On 20/01/2012 9:36 AM, eherr wrote:
> I have a honey pot box with extensions that are not just numbers, i.e.
> 100-MySipUserName
> And the passwords are from an openssl generated password, i.e.
> Gq5VNIjDFWIQoUT6
Is the password stored in sip.conf in plain text or as an MD5?
If it is stored in plain text then it may suggest the hijacker has greater access to your system than you realise.
My 2-cents worth.
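
Larry's question refers to the two ways chan_sip can hold a peer password in sip.conf: `secret` (plain text) and `md5secret` (MD5 of username:realm:password). As an added example, not part of the original thread, this Python audit lists peers that still carry a plain-text `secret` and produces the equivalent `md5secret` line. The sample config and its password are constructed, and the code assumes the auth username is the section name and the realm is `asterisk` unless `[general]` sets `realm`.

```python
import hashlib

# Constructed sample sip.conf: peer names follow the style used in the thread,
# the secrets are made up for this example.
SAMPLE_SIP_CONF = """\
[general]
realm=asterisk

[100-MySipUserName]
type=friend
secret=Constructed0Secret1 ; plain text on disk

[101-AnotherPeer]
type=friend
md5secret=0123456789abcdef0123456789abcdef
"""

def md5secret(username, realm, password):
    """Digest HA1 value used for md5secret: MD5(username:realm:password)."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()

def audit(conf_text, default_realm="asterisk"):
    """Map each peer that has a plain-text secret to its md5secret line."""
    realm, section, plaintext = default_realm, None, {}
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments (escaped \; not handled)
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")]  # also covers [name](template)
            continue
        if "=" not in line or section is None:
            continue
        key, value = line.split("=", 1)
        key, value = key.strip().lower(), value.lstrip(">").strip()  # '=' or '=>'
        if section == "general" and key == "realm":
            realm = value
        elif section != "general" and key == "secret":
            plaintext[section] = value
    # Hash after the whole file is read so a late realm= still applies.
    return {peer: "md5secret=" + md5secret(peer, realm, pw)
            for peer, pw in plaintext.items()}

if __name__ == "__main__":
    for peer, line in audit(SAMPLE_SIP_CONF).items():
        print(f"[{peer}] plain-text secret found; replace it with: {line}")
```

The `md5secret` value keeps the password itself off disk, but it is still sufficient for SIP digest authentication, so sip.conf needs the same restrictive file permissions either way.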