On Wed, 2010-01-27 at 11:47 +0100, Administrator TOOTAI wrote:
> Hi,
>
> we had an attack on a server and we don't understand how it was
> possible, Asterisk 1.4.28/Debian Lenny 5.1 Attacker came from PALTEL,
> network 188.161.128.0/18
>
> Hacked account had following setup:
>
> [111]
> type=friend
> username=111
> context=from-111
> host=11.22.33.44
> dtmfmode=auto
> qualify=yes
> nat=yes
> canreinvite=no
> defaultip=11.22.33.44
> port=35060
> disallow=all
> allow=ulaw,alaw
> call-limit=2
>
> Despite this, I saw in my logs that someone hacked this account and
> could place calls! in logs we have:
>
> [Jan 27 04:00:13] ERROR[29715] chan_sip.c: Peer '111' is trying to
> register, but not configured as host=dynamic
> [Jan 27 04:00:13] NOTICE[29715] chan_sip.c: Registration from
> '<sip:1...@ourasteriskip>' failed for '188.161.152.245' - Peer is not
> supposed to register
> [Jan 27 04:00:18] VERBOSE[30669] logger.c: -- Executing
> [972599400...@from-111:1] NoOp("SIP/111-000016eb", "Incoming call from
> AAAA") in new stack
>
> As you see 111 could place a call even having not registered, which he
> is not supposed to do.
>
> How is this possible?
>
> --
> Daniel
>

Check your sip.conf allowguest=no

--
Best regards,
Vince Mallow
xmpp: w...@jabber.slan.ru
web: http://gentoo-way.blogspot.com
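
One way to run the check the reply suggests, as an added example that is not part of the original thread: the script parses sip.conf text and reports when [general] does not set allowguest to a disabling value (chan_sip treats a missing allowguest as yes). As an assumption beyond the thread, it also lists entries that carry no secret= or md5secret= line, as the posted [111] does; the function names, the [general] contents of the sample and the set of values treated as "disabled" are choices of this example.

```python
import re

# Constructed sample: part of the [111] entry as posted in the thread, plus a
# hypothetical [general] section that does not set allowguest.
SAMPLE = """\
[general]
bindport=5060          ; constructed value

[111]
type=friend
username=111
context=from-111
host=11.22.33.44
nat=yes
"""

DISABLED = {"no", "false", "0", "off"}  # values this example accepts as "guest calls off"

def parse_sip_conf(text):
    """Return {section: {key: [values]}}; ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # sip.conf also accepts "key => value", hence the lstrip
            current.setdefault(key.strip().lower(), []).append(value.lstrip(">").strip())
    return sections

def audit(text):
    """Return findings: guest calls not disabled, entries without a password."""
    conf = parse_sip_conf(text)
    findings = []
    # The last allowguest line wins; absent means the chan_sip default (yes).
    guest = conf.get("general", {}).get("allowguest", ["yes"])[-1].lower()
    if guest not in DISABLED:
        findings.append("general: allowguest is not set to no")
    for name, opts in conf.items():
        if name != "general" and "type" in opts and not ({"secret", "md5secret"} & opts.keys()):
            findings.append(f"{name}: no secret= or md5secret= line")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Template inheritance is not resolved, so an entry that takes its secret from a template is reported as well.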