On Sun, Jun 16, 2019 at 3:37 PM John T. Bittner <j...@xaccel.net> wrote:
> Anyone know how someone can hack an asterisk box and register with every > single account on the box. > > This box only has 3 accounts, with very complex passwords. Have VoIP > blacklist setup and fail2ban… > I've seen this happen when web-based provisioning is used, I have seen attempts to download configuration files off of my provisioning server increase in frequency over the last two years. The 'Hacker' will do a get on /polycom /cisco /yealink /aastra /mitel etc, If they get a valid response they will start enumerating mac addresses /polycom/0004F2018101.cfg /polycom/0004F2018102.cfg ... /polycom/0004F2018109.cfg Then they will use any credentials gained in the download attack to place calls, registering as needed.
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users