John,

There are a lot of factors at play. For instance, are you using a GUI that has a known vuln? Is there MySQL running on the box with a simple password? Perhaps they didn't hack your PBX, but they compromised a SIP phone, and once they had the credentials they made calls? Do you have a provisioning system?

We have seen all of the above. Most of the compromises we are seeing these days are either via a provisioning server or phones that are accessible on the internet with weak passwords.



Regards,

Dovid

From: j...@xaccel.net
Sent: June 16, 2019 18:37
To: asterisk-users@lists.digium.com
Reply-to: asterisk-users@lists.digium.com
Subject: [asterisk-users] Hacking

Anyone know how someone can hack an Asterisk box and register with every single account on the box?

This box only has 3 accounts, with very complex passwords. Have VoIP blacklist set up and fail2ban…

 

The hackers were able to make 2 calls to Cuba before my alerting system texted me.

 

I am running asterisk 16.3 with PJSIP.

 

This is my only box open to the outside world, a requirement for this one customer.

Looked into my logs… can't find anything out of the ordinary.

 

 

Any ideas?

 



 

  Contact:  <Aor/ContactUri..............................> <Hash....> <Status> <RTT(ms)..>
==========================================================================================
  Contact:  12120001001/sip:12120001001@5.79.64.23:9227    ee80678930 NonQual         nan
  Contact:  848842405/sip: 848842405@5.79.64.23:9227                  031ed703ba NonQual         nan
  Contact:  848842405/sip: 848842405@5.79.64.23:9227                  031ed703ba NonQual         nan
  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227      959fc8fbf4 NonQual         nan
  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227      959fc8fbf4 NonQual         nan
  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228      d7bf838918 NonQual         nan
  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228      d7bf838918 NonQual         nan

 

Any help is much appreciated.

 

 

John Bittner

CTO


380 US Highway 46, Suite 500

Totowa, NJ 07512

Phone: 201.806.2602 x2405

Fax:       201.806.2604

Cell:       973.390.1090

www.xaccel.net
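
A check for the symptom in the contact listing above, where several accounts are registered from one unfamiliar address: this is an added example, not code from the thread's participants or from the Asterisk project. It parses `pjsip show contacts` output and flags contacts from hosts outside a per-account allowlist and hosts holding contacts on more than one AOR; the allowlist, the 203.0.113.x addresses and the last sample row are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches data rows of `pjsip show contacts`; the header row does not match.
CONTACT_RE = re.compile(
    r"^\s*Contact:\s+(?P<aor>[^/\s]+)/sips?:\s*(?:[^@\s]+@)?"
    r"(?P<host>\[[^\]]+\]|[^:;\s]+)(?::(?P<port>\d+))?"
)

def parse_contacts(text):
    """Return the set of (aor, host, port) tuples found in CLI output."""
    rows = set()
    for line in text.splitlines():
        m = CONTACT_RE.match(line)
        if m:
            rows.add((m["aor"], m["host"], m["port"] or "5060"))
    return rows

def audit(text, expected, max_aors_per_host=1):
    """expected: hypothetical map of AOR -> set of hosts its phone may use."""
    by_host = defaultdict(set)
    unexpected = []
    for aor, host, port in sorted(parse_contacts(text)):
        by_host[host].add(aor)
        if host not in expected.get(aor, set()):
            unexpected.append((aor, host, port))
    shared = {h: sorted(a) for h, a in by_host.items() if len(a) > max_aors_per_host}
    return unexpected, shared

# Contact rows as posted in the thread, plus one constructed legitimate row.
SAMPLE = """\
  Contact:  <Aor/ContactUri..............................> <Hash....> <Status> <RTT(ms)..>
  Contact:  12120001001/sip:12120001001@5.79.64.23:9227    ee80678930 NonQual         nan
  Contact:  848842405/sip: 848842405@5.79.64.23:9227       031ed703ba NonQual         nan
  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227      959fc8fbf4 NonQual         nan
  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228      d7bf838918 NonQual         nan
  Contact:  12120001001/sip:12120001001@203.0.113.10:5060  0000000000 Avail         12.3
"""
# Constructed allowlist (assumption): where each account's phone should be.
EXPECTED = {"12120001001": {"203.0.113.10"}, "848842405": {"203.0.113.11"},
            "ghbhhm0000": {"203.0.113.12"}}

if __name__ == "__main__":
    unexpected, shared = audit(SAMPLE, EXPECTED)
    for aor, host, port in unexpected:
        print(f"unexpected contact: {aor} from {host}:{port}")
    for host, aors in shared.items():
        print(f"{host} holds contacts on {len(aors)} AORs: {', '.join(aors)}")
```

Run against live output from a scheduled job, this gives an alert at registration time rather than after the first call is placed.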

 


 
