+++ VIP Carrier [07/02/09 18:35 -0500]:
> Guys,
> I can't believe that our client's PBX got hacked today.
> My client has a SwitchVOX SMB and it got hacked!
> some f...@ckers with the following IPs
> 91.121.132.208
> 69.60.114.222
> were able to send calls in a matter of 1 hr for more than $2000
>
> what can I say, stay away from switchvox
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz

This is one of the reasons why we use the concept of users and alphanumeric passwords for softphones and auto-generated large alphanumeric passwords for stations in Druid.

The main reasons for all this brute force hacking of Asterisk (a new phenomenon) are the proliferation of Asterisk (obviously) and configurations where the extension is the same as the authentication credentials for the phones (my extension is 100, my PIN is 1234, and I use this for my voicemail as well as for authenticating my phone with the server). OK, well, it's possible your PIN is 3214; even that does not really matter to a brute force attack over SIP, where there is no real forced delay between retry attempts.

--
regards
Vikram
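An added example, not part of the message above or of Druid: a small audit that flags the credential pattern the reply describes (a secret equal to the extension, or a short numeric PIN) in a chan_sip-style sip.conf. The sample configuration, the function names and the 16-character threshold are assumptions made for the illustration.

```python
import re
# Constructed sample in chan_sip sip.conf style (not taken from the thread).
SAMPLE_SIP_CONF = """\
[general]
context=default

[100]
type=friend
secret=100              ; same as the extension

[101]
type=friend
secret=3214             ; four-digit PIN

[102]
type=friend
secret=q7Zr2mXw9LbT4kVd8HsN
"""

SECTION = re.compile(r"^\[([^\]]+)\]")
MIN_LEN = 16  # assumed policy threshold, not a value from the thread

def parse_peers(text):
    """Return {section: {key: value}} for every section except [general]."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        m = SECTION.match(line)
        if m:
            current = None if m.group(1) == "general" else m.group(1)
        elif current and "=" in line:
            key, value = line.split("=", 1)  # also accepts 'key => value'
            peers.setdefault(current, {})[key.strip().lower()] = value.lstrip(">").strip()
    return peers

def audit(text):
    """Return {peer: [findings]} for peers whose secret is cheap to guess."""
    findings = {}
    for name, opts in parse_peers(text).items():
        secret = opts.get("secret", "")
        checks = [
            (secret in (name, opts.get("username")), "secret equals extension"),
            (secret.isdigit(), "numeric-only secret"),
            (0 < len(secret) < MIN_LEN, "shorter than %d characters" % MIN_LEN),
        ]
        issues = [msg for hit, msg in checks if hit]
        if issues:
            findings[name] = issues
    return findings
```

Only plaintext `secret=` lines are checked; peers with no `secret` key are not reported.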