Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-22 Thread Tim S
Exactly. If one's external access control is set correctly, you should basically never see any outside attack traffic at your Asterisk box (you've see it in the firewall logs instead). Following the concept of "least privileges" is where you should start if you have Asterisk attached to a

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Victor Villarreal
Hi David, Tim, Try to use Bail2Ban at last resort. Fail2Ban is a ractive approach, that permit the traffinc AND ONLY BLOCK them after certain level triggered. Use iptables to block the unused services faced to public networks like Internet. And configure these services properly, so they listen

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Tim S
Is that IP in your network or outside (I can ping it so I'm guessing it's outside your network)? Do you have a firewall between your asterisk box and the internet? Is there a WHITELIST of IP addresses that only allow your provider's limited IP pool to connect to your asterisk box from outside?

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Victor Villarreal
Hi, Jerry, I don't know what S.O. you have in the Server, but you can check the man page (https://linux.die.net/man/8/in.tftpd) for tftpd and use the options --address, so you can tell tftp from what interface/port this service listen request. >From the IP in your logs (69.64.57.18) the request

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Dovid Bender
This is old news. They use Shodan and then try to connect. Set up Fail2Ban that say after 10 404's to ban the IP. On Fri, Apr 21, 2017 at 12:27 PM, Jerry Geis wrote: > I "justed" happened to look at /var/log/messages... > > I saw: > Apr 21 12:18:40 in.tftpd[22719]: RRQ

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Derek Bolichowski
ttempt sequential config file read looking for valid files. I "justed" happened to look at /var/log/messages... I saw: Apr 21 12:18:40 in.tftpd[22719]: RRQ from 69.64.57.18 filename 0004f2034f6b.cfg Apr 21 12:18:40 in.tftpd[22719]: Client 69.64.57.18 File not found 0004f2034f6b.cfg Apr 21 1

[asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Jerry Geis
I "justed" happened to look at /var/log/messages... I saw: Apr 21 12:18:40 in.tftpd[22719]: RRQ from 69.64.57.18 filename 0004f2034f6b.cfg Apr 21 12:18:40 in.tftpd[22719]: Client 69.64.57.18 File not found 0004f2034f6b.cfg Apr 21 12:18:40 in.tftpd[22720]: RRQ from 69.64.57.18 filename