I appreciate your 2-cents worth.

However, I do not believe they have access to the machine.

If so, they are clever to create three failures in the logs for my benefit before entering the correct one for hijacking.

Additionally, I have a lot of SIP extensions to hijack and he keeps going for the same one.

I was hoping this was something with the MP-118 and someone experienced the same thing with that device.

Either way, I posed two questions which are still unanswered and which I will probably never get answered:

1 - Is this a vulnerability in the MP-118?

2 - What method could they possibly be using to hijack a number-alpha extension, which is creative to begin with, i.e. 203-Joes_Insurance_Service, with an openssl generated password of 12 characters?

Thanks,

--E

From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Larry Moore
Sent: Saturday, January 21, 2012 1:34 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Sip Registration Hijacking

On 20/01/2012 9:36 AM, eherr wrote:

I have a honey pot box with extensions that are not just numbers, i.e.

100-MySipUserName

And the passwords are from an openssl generated password, i.e.

Gq5VNIjDFWIQoUT6

Is the password stored in sip.conf in plain text or as an MD5?

If it is stored in plain text then it may suggest the hijacker has greater 
access to your system than you realise.

My 2-cents worth.
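
The distinction behind the question above, as an added example that is not part of the thread: sip.conf can hold a peer's password as a plaintext `secret=` line or as an `md5secret=` digest. This sketch rewrites the former into the latter, assuming the default realm `asterisk` and that the device authenticates with the section name as its username; the sample config is constructed.

```python
import hashlib
import re

# Assumption: chan_sip's digest realm is "asterisk" unless realm= is set in [general].
DEFAULT_REALM = "asterisk"

SECTION = re.compile(r"^\s*\[([^\]]+)\]")
SECRET = re.compile(r"^(\s*)secret\s*=\s*(.*?)\s*$")  # not md5secret= / remotesecret=

# Constructed sample, using the extension name and password format quoted in the thread.
SAMPLE = """\
[general]
realm=asterisk

[100-MySipUserName]
type=friend
host=dynamic
secret=Gq5VNIjDFWIQoUT6
"""


def md5secret(user, realm, password):
    """Hex MD5 of "user:realm:password", the value an md5secret= line holds."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def harden(conf_text, realm=DEFAULT_REALM):
    """Replace plaintext secret= lines in peer sections with md5secret= lines.

    Assumes the digest username is the section name. Returns the rewritten
    text and the list of sections that held a plaintext secret.
    """
    out, found, section = [], [], None
    for line in conf_text.splitlines():
        header = SECTION.match(line)
        if header:
            section = header.group(1)
        secret = SECRET.match(line)
        if secret and section and section != "general":
            found.append(section)
            digest = md5secret(section, realm, secret.group(2))
            line = f"{secret.group(1)}md5secret={digest}"
        out.append(line)
    return "\n".join(out) + "\n", found


if __name__ == "__main__":
    text, peers = harden(SAMPLE)
    print(text)
    print("plaintext secrets replaced for:", peers)
```

The digest keeps the cleartext password out of the file, but it is still sufficient to answer a SIP digest challenge, so read access to sip.conf needs restricting in either case.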
