Oops. That was supposed to be off list.....
On Sun, Jun 16, 2019 at 7:07 PM Dovid Bender <do...@telecurve.com> wrote:

> John,
>
> I spoke about security last year at Astricon [1]. If I had to guess
> without even knowing what your setup is I would say they either got in via
> an insecure phone (either default pass or one with a known security issue)
> or via a provisioning server. If you want I can help poke around your
> system tomorrow to see if we can figure out how they get in.
>
> Regards,
>
> Dovid
>
> [1] https://www.youtube.com/watch?v=9Wzzlo1kfTQ&t=1s
>
> On Sun, Jun 16, 2019 at 6:37 PM John T. Bittner <j...@xaccel.net> wrote:
>
>> Anyone know how someone can hack an Asterisk box and register with every
>> single account on the box?
>>
>> This box only has 3 accounts, with very complex passwords. Have VoIP
>> blacklist setup and fail2ban…
>>
>> The hackers were able to make 2 calls to Cuba before my alerting system
>> texted me.
>>
>> I am running Asterisk 16.3 with PJSIP.
>>
>> This is my only box open to the outside world, a requirement for this one
>> customer.
>>
>> Looked into my logs… can't find anything out of the ordinary.
>>
>> Any ideas?
>>
>>  Contact:  <Aor/ContactUri..............................>  <Hash....>  <Status>  <RTT(ms)..>
>> ==========================================================================================
>>
>>  Contact:  12120001001/sip:12120001001@5.79.64.23:9227  ee80678930  NonQual  nan
>>  Contact:  848842405/sip: 848842405@5.79.64.23:9227  031ed703ba  NonQual  nan
>>  Contact:  848842405/sip: 848842405@5.79.64.23:9227  031ed703ba  NonQual  nan
>>  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227  959fc8fbf4  NonQual  nan
>>  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227  959fc8fbf4  NonQual  nan
>>  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228  d7bf838918  NonQual  nan
>>  Contact:  ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228  d7bf838918  NonQual  nan
>>
>> Any help is much appreciated.
>>
>> John Bittner
>> CTO
>> 380 US Highway 46, Suite 500
>> Totowa, NJ 07512
>> Phone: 201.806.2602 x2405
>> Fax: 201.806.2604
>> Cell: 973.390.1090
>> www.xaccel.net
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> Check out the new Asterisk community forum at:
>> https://community.asterisk.org/
>>
>> New to Asterisk? Start here:
>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
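Added example, not part of either message in the thread: a check over a contact listing in the format quoted above (the layout printed by `pjsip show contacts`) that groups bindings by remote address and flags an address holding several AORs or lying outside the networks registrations are expected from. The function names, the `max_aors` threshold and the `192.0.2.0/24` stand-in network are assumptions; the sample rows are copied from the listing in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# One data row: Contact: <aor>/sip:<user>@<ipv4>:<port> <hash> <status> <rtt>
ROW = re.compile(
    r"Contact:\s+(?P<aor>[^/\s]+)/sips?:\s*[^@\s]+@"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+[0-9a-f]+\s+\S+"
)

# Contact rows copied from the listing in the thread (one duplicate kept).
SAMPLE = """\
Contact: 12120001001/sip:12120001001@5.79.64.23:9227 ee80678930 NonQual nan
Contact: 848842405/sip: 848842405@5.79.64.23:9227 031ed703ba NonQual nan
Contact: 848842405/sip: 848842405@5.79.64.23:9227 031ed703ba NonQual nan
Contact: ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227 959fc8fbf4 NonQual nan
Contact: ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228 d7bf838918 NonQual nan
"""

def contacts_by_host(listing):
    """Map each remote IPv4 address to the set of (aor, port) pairs bound to it."""
    hosts = defaultdict(set)
    for line in listing.splitlines():
        m = ROW.search(line)
        if m:  # header, separator and blank lines do not match
            hosts[m["host"]].add((m["aor"], int(m["port"])))
    return hosts

def suspicious_hosts(listing, expected_nets=(), max_aors=1):
    """Flag hosts outside expected_nets or bound to more than max_aors AORs."""
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    findings = {}
    for host, bindings in contacts_by_host(listing).items():
        aors = sorted({aor for aor, _ in bindings})
        reasons = []
        if nets and not any(ipaddress.ip_address(host) in n for n in nets):
            reasons.append("outside expected networks")
        if len(aors) > max_aors:
            reasons.append(f"{len(aors)} AORs from one address")
        if reasons:
            findings[host] = {"aors": aors, "reasons": reasons}
    return findings

if __name__ == "__main__":
    # 192.0.2.0/24 is a documentation range standing in for the customer's network.
    for host, info in suspicious_hosts(SAMPLE, ["192.0.2.0/24"]).items():
        print(host, info["aors"], "; ".join(info["reasons"]))
```

Sites where several phones register from behind one NAT address need a higher `max_aors`, otherwise every such office is flagged.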