Were the passwords on any extensions common dictionary words or otherwise easily brute forced?
On Sat, Feb 7, 2009 at 8:23 PM, VIP Carrier <vipcarr...@gmail.com> wrote:
> The system was secure; they had only opened a few ports on their firewall:
> 443, 5060-5061 and 16384-32767 for RTP traffic,
>
> and users' extensions did not match passwords, and SwitchVOX came in as an
> appliance so there was no installation done by anyone at their company;
> everything came in directly from Digium.
>
> We have attempted contacting server pronto, and their technical support
> just said to email abuse and they will look into the problem, and refused
> to talk to us.
>
> On Sat, Feb 7, 2009 at 7:31 PM, Gregory Boehnlein <da...@nacs.net> wrote:
>
>> I made a comment about this at Astridevcon. We have seen an increase in
>> automated brute force hacking attempts against publicly accessible VoIP
>> systems. Basically, the hackers use an automated tool to hack into a VoIP
>> system w/ insecure passwords (ala extension 100 w/ a password of 100). Once
>> they gain access, they use it to either:
>>
>> a. Send a bunch of calls to places like Cuba, where costs can be
>> $.30 / minute.
>>
>> b. Have an auto-dialer blast out calls for credit-card scamming.
>>
>> There was an FBI announcement not too long ago about a "Vishing" scam that
>> was targeting Asterisk PBX systems:
>>
>> http://blogs.digium.com/2008/12/06/sip-security-and-asterisk/
>>
>> At this point, if you have your VoIP system attached to the public
>> Internet, and are not taking security precautions such as using strong
>> passwords and judicious firewalling, it is only a matter of time until you
>> get hacked.
>>
>> From: asterisk-biz-boun...@lists.digium.com [mailto:asterisk-biz-boun...@lists.digium.com] On Behalf Of Jai Rangi
>> Sent: Saturday, February 07, 2009 6:57 PM
>> To: Commercial and Business-Oriented Asterisk Discussion
>> Subject: Re: [asterisk-biz] PBX got Hacked
>>
>> $2000 of calls in one hour? The fraud user must be a professional hacker and
>> should have some kind of VoIP system and 10s (if not hundreds) of friends
>> calling at the same time.
>>
>> On Sat, Feb 7, 2009 at 3:46 PM, Gregory Boehnlein <da...@nacs.net> wrote:
>>
>> Let me guess…
>>
>> 1. The Switchvox was open to the Internet
>>
>> 2. The extensions were simple (three / four digits) and the
>> passwords matched the extensions
>>
>> 3. The attacker was able to register from the public Internet as
>> one of the users and send the calls.
>>
>> Sounds much more like an installation done by someone who had no clue
>> about IP security. Don't blame Switchvox for the installer's lack of a clue.
>> Switchvox is designed to run behind a firewall, and best practices for
>> installation would dictate that you be very paranoid about what to allow to
>> communicate w/ the PBX. Allowing it to be openly accessed on the public
>> Internet is sheer stupidity.
>>
>> So.. what am I missing here?
>>
>> From: asterisk-biz-boun...@lists.digium.com [mailto:asterisk-biz-boun...@lists.digium.com] On Behalf Of VIP Carrier
>> Sent: Saturday, February 07, 2009 6:36 PM
>> To: Commercial and Business-Oriented Asterisk Discussion
>> Subject: [asterisk-biz] PBX got Hacked
>>
>> Guys,
>> I can't believe that our client's PBX got hacked today.
>> My client has a SwitchVOX SMB and it got hacked!
>> Some f...@ckers with the following IPs
>> 91.121.132.208
>> 69.60.114.222
>> were able to send calls in a matter of 1 hr for more than $2000
>>
>> What can I say, stay away from Switchvox
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by N2Net Mailshield <http://www.n2net.net/Products.asp?PageId=1&SubId=14>,
>> and is believed to be clean.
>>
>> _______________________________________________
>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>> asterisk-biz mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-biz
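One way to answer the question above on the PBX side, as an added example that is not part of this thread and not Digium's or Switchvox's own code: a small Python audit over an Asterisk-style sip.conf that flags the patterns Gregory describes (secret equal to the extension, dictionary-word or digits-only secrets, and dynamic peers with no permit/deny restriction). The sample config, the weak-word list and the 12-character threshold are constructed for the example, and the parser only handles the plain `[peer]` / `key=value` form.

```python
# Constructed sample sip.conf (Asterisk [peer] / key=value format); not from the thread.
SAMPLE_SIP_CONF = """
[100]
secret=100
host=dynamic
[101]
secret=password
host=dynamic
[102]
secret=Xk7#vq2Lp9!zR4mT
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
"""
WEAK_WORDS = {"password", "secret", "asterisk", "admin", "1234", "123456"}
MIN_SECRET_LEN = 12  # assumed local policy threshold, not an Asterisk default


def parse_sip_conf(text):
    """Return {peer: [(key, value), ...]}, keeping repeated keys such as deny/permit."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' begins a comment in Asterisk configs
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            peers.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            peers[current].append((key.strip(), value.strip()))
    return peers


def audit_peers(peers):
    """Map each peer to the weak-credential / exposure findings the thread describes."""
    findings = {}
    for name, kv in peers.items():
        opts, keys = dict(kv), [k for k, _ in kv]
        secret = opts.get("secret", "")
        checks = [
            (secret == name, "secret equals extension"),
            (secret.lower() in WEAK_WORDS, "secret is a common dictionary word"),
            (secret.isdigit(), "secret is digits only"),
            (len(secret) < MIN_SECRET_LEN, "secret shorter than %d chars" % MIN_SECRET_LEN),
            (opts.get("host") == "dynamic" and "permit" not in keys,
             "dynamic registration with no permit/deny restriction"),
        ]
        issues = [msg for hit, msg in checks if hit]
        if issues:
            findings[name] = issues
    return findings
```

Running `audit_peers(parse_sip_conf(SAMPLE_SIP_CONF))` flags peers 100 and 101 and leaves 102 clean; on a real box, point `parse_sip_conf` at the file contents and review every flagged peer before it is reachable from the public Internet.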