Re: [asterisk-users] Someone has hacked into our system

Mon, 22 Nov 2010 09:19:32 -0800

Blocking udp 5060 in the packet filter in unwanted directions should keep asterisk from setting up SIP connections. The real remedy is to figure out how the hacker got in and close the backdoor. 
I think a lot of us would be interested in what was the vulnerability.
And if it turns out that it was a configuration mistake, don't be shy: for every mistake you did in your config, there are at least a thousand people who did the same mistake. You help them (us) by disclosing the error, and if you have already changed the configuration you should not have the error at that time. 

On 2010-11-22 17:37, Danny Nicholas wrote:

------------------------------------------------------------------------


*From:* asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] *On Behalf Of *Gary 
Kuznitz

*Sent:* Monday, November 22, 2010 10:23 AM
*To:* Asterisk Users Mailing List - Non-Commercial Discussion
*Subject:* [asterisk-users] Someone has hacked into our system

Someone has hacked into our system and is making calls overseas.

How can I:

1. Find out the where the calls are originating from?

2. Block all calls that are not authorized?

Our system is in the USA.

Only calls from inside our LAN are allowed.

Thank you,

Gary Kuznitz


For #1, start with the CDR.  You know that X is calling an overseas 
number.  Determine who X is (or is supposed to be)



For #2 (and the rest of #1) restrict your dialing access to a known 
set of IP's.  If you have 5 phones (softphones or actual handsets), 
block everything that doesn't start with those 5 IP addresses.



The first thing I would do is to change all of your passwords in 
sip.conf and do a sip reload.  That will slow down or temporarily stop 
the hacker.





-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users





















					Reply via email to