John, There are a lot of factors at play for instance are you using a gui that has a known vlun? Is there mysql running on the box with a simple password? Perhaps they didnt hack your PBX but they comprised a SIP phone and once they had the credentials they made calls? Do you have a provisioning system? We have seen all of the above. Most of the compromises we are seeing these days is either via a Provisioning server or phones that are accessible on the internet with weak passwords Regards, Dovid
Anyone know how someone can hack an asterisk box and register with every single account on the box. This box only has 3 accounts, with very complex passwords. Have VoIP blacklist setup and fail2ban…
The hackers were able to make 2 calls to Cuba before my alerting system texted me.
I am running asterisk 16.3 with PJSIP.
This is my only box open to the outside world, a requirement for this one customer. Looked into my logs… can't find anything out of the ordinary.
Any ideas ?
Contact: <Aor/ContactUri..............................> <Hash....> <Status> <RTT(ms)..> ==========================================================================================
Contact: 12120001001/sip:12120001001@5.79.64.23:9227 ee80678930 NonQual nan Contact: 848842405/sip: 848842405@5.79.64.23:9227 031ed703ba NonQual nan Contact: 848842405/sip: 848842405@5.79.64.23:9227 031ed703ba NonQual nan Contact: ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227 959fc8fbf4 NonQual nan Contact: ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227 959fc8fbf4 NonQual nan Contact: ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228 d7bf838918 NonQual nan Contact: ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228 d7bf838918 NonQual nan
Any helps is much appreciated.
John Bittner CTO 380 US Highway 46, Suite 500 Totowa, NJ 07512 Phone: 201.806.2602 x2405 Fax: 201.806.2604 Cell: 973.390.1090
CONFIDENTIALITY NOTICE:
|
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users