From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jerry Geis
Sent: Friday, April 21, 2017 12:28 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users@lists.digium.com>
Subject: [asterisk-users] Hack attempt sequential config file read looking for valid files.

I "just" happened to look at /var/log/messages... I saw:

Apr 21 12:18:40 in.tftpd[22719]: RRQ from 69.64.57.18 filename 0004f2034f6b.cfg
Apr 21 12:18:40 in.tftpd[22719]: Client 69.64.57.18 File not found 0004f2034f6b.cfg
Apr 21 12:18:40 in.tftpd[22720]: RRQ from 69.64.57.18 filename 0004f2034f6c.cfg
Apr 21 12:18:40 in.tftpd[22720]: Client 69.64.57.18 File not found 0004f2034f6c.cfg
Apr 21 12:18:40 in.tftpd[22721]: RRQ from 69.64.57.18 filename 0004f2034f6d.cfg
Apr 21 12:18:40 in.tftpd[22721]: Client 69.64.57.18 File not found 0004f2034f6d.cfg
Apr 21 12:18:40 in.tftpd[22722]: RRQ from 69.64.57.18 filename 0004f2034f6e.cfg

so basically a sequential read of Polycom MAC address config files. Someone is trying to read to determine if I have any Polycom files, just sequential read after read. And if so - it would get any extension and password at that time. Luckily I have none.

However - how does one block attempts like this?

Thanks!

Jerry

Jerry,

Can you change to FTP Provisioning, or HTTPS etc? At least with FTP you can set a user/pass to your directory with mac.cfg to prevent open access.
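
The pattern in the log quoted in this thread, one client requesting consecutively numbered MAC-named .cfg files, can be flagged automatically from the in.tftpd log. The following is an added example, not part of the original thread: the sample log is constructed in the quoted format with documentation IP addresses, and the function names and the run threshold of 4 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the in.tftpd format quoted in the thread.
# IPs are documentation addresses: one scanner, one ordinary phone.
SAMPLE_LOG = """\
Apr 21 12:18:40 in.tftpd[22719]: RRQ from 203.0.113.7 filename 0004f2034f6b.cfg
Apr 21 12:18:40 in.tftpd[22719]: Client 203.0.113.7 File not found 0004f2034f6b.cfg
Apr 21 12:18:40 in.tftpd[22720]: RRQ from 203.0.113.7 filename 0004f2034f6c.cfg
Apr 21 12:18:40 in.tftpd[22720]: Client 203.0.113.7 File not found 0004f2034f6c.cfg
Apr 21 12:18:40 in.tftpd[22721]: RRQ from 203.0.113.7 filename 0004f2034f6d.cfg
Apr 21 12:18:40 in.tftpd[22722]: RRQ from 203.0.113.7 filename 0004f2034f6e.cfg
Apr 21 12:19:02 in.tftpd[22730]: RRQ from 198.51.100.20 filename 0004f2aabbcc.cfg
Apr 21 12:24:02 in.tftpd[22741]: RRQ from 198.51.100.20 filename 0004f2aabbcc.cfg
"""

# A read request for a file named <12 hex digits>.cfg (MAC-named phone config).
RRQ = re.compile(r"in\.tftpd\[\d+\]: RRQ from (\S+) filename ([0-9A-Fa-f]{12})\.cfg\b")


def longest_run(values):
    """Length of the longest run of consecutive integers among values."""
    best = run = 0
    prev = None
    for v in sorted(set(values)):
        run = run + 1 if prev is not None and v == prev + 1 else 1
        best = max(best, run)
        prev = v
    return best


def find_mac_walkers(log_text, min_run=4):
    """Return {client_ip: run_length} for clients that requested at least
    min_run consecutively numbered MAC config files."""
    requested = defaultdict(list)
    for line in log_text.splitlines():
        m = RRQ.search(line)
        if m:
            requested[m.group(1)].append(int(m.group(2), 16))
    flagged = {}
    for ip, macs in requested.items():
        run = longest_run(macs)
        if run >= min_run:
            flagged[ip] = run
    return flagged


if __name__ == "__main__":
    for ip, run in find_mac_walkers(SAMPLE_LOG).items():
        print(f"{ip}: {run} consecutive MAC config names requested")
```

A phone that repeatedly fetches its own single config file is not flagged, because duplicates are collapsed before runs are counted.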