Hi,

we had an attack on a server and we don't understand how it was possible.

Asterisk 1.4.28/Debian Lenny 5.1
Attacker came from PALTEL, network 188.161.128.0/18

The hacked account had the following setup:

    [111]
    type=friend
    username=111
    context=from-111
    host=11.22.33.44
    dtmfmode=auto
    qualify=yes
    nat=yes
    canreinvite=no
    defaultip=11.22.33.44
    port=35060
    disallow=all
    allow=ulaw,alaw
    call-limit=2

Despite this, I saw in my logs that someone hacked this account and could place calls! In the logs we have:

    [Jan 27 04:00:13] ERROR[29715] chan_sip.c: Peer '111' is trying to register, but not configured as host=dynamic
    [Jan 27 04:00:13] NOTICE[29715] chan_sip.c: Registration from '<sip:1...@ourasteriskip>' failed for '188.161.152.245' - Peer is not supposed to register
    [Jan 27 04:00:18] VERBOSE[30669] logger.c: -- Executing [972599400...@from-111:1] NoOp("SIP/111-000016eb", "Incoming call from AAAA") in new stack

As you see, 111 could place a call even without having registered, which he is not supposed to do. How is this possible?

--
Daniel

asterisk-users mailing list
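
The sequence in the log excerpt above (a rejected REGISTER for a peer, followed seconds later by a call on that peer's channel) can be searched for mechanically. The following is an added example, not part of the original post: the sample lines are constructed in the same format, and the function name and the 5-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format of the log excerpt above
# (documentation IP address and made-up numbers, not real traffic).
SAMPLE_LOG = """\
[Jan 27 04:00:13] ERROR[29715] chan_sip.c: Peer '111' is trying to register, but not configured as host=dynamic
[Jan 27 04:00:13] NOTICE[29715] chan_sip.c: Registration from '<sip:111@pbx.example>' failed for '192.0.2.10' - Peer is not supposed to register
[Jan 27 04:00:18] VERBOSE[30669] logger.c: -- Executing [0015550100@from-111:1] NoOp("SIP/111-000016eb", "Incoming call from AAAA") in new stack
[Jan 27 09:30:00] VERBOSE[30701] logger.c: -- Executing [200@from-222:1] NoOp("SIP/222-000016ec", "Incoming call from BBBB") in new stack
"""

LINE = re.compile(r"^\[(\w{3} +\d+ \d\d:\d\d:\d\d)\] (\w+)\[(\d+)\] [\w.]+: (.*)$")
REG_PEER = re.compile(r"Peer '([^']+)' is trying to register, but not configured as host=dynamic")
REG_FAIL = re.compile(r"Registration from '.*' failed for '([^']+)'")
# Priority 1 marks the start of a call in the dialplan; the channel name carries the peer.
CALL = re.compile(r'Executing \[([^@\]]+)@([^:\]]+):1\] \w+\("SIP/([^"]+)-[0-9a-f]+"')

def find_calls_after_rejected_register(log_text, window=timedelta(minutes=5)):
    """Return calls started on a peer shortly after its REGISTER was rejected."""
    pending = {}    # log thread id -> peer named in the ERROR line
    rejected = {}   # peer -> (time, source IP) of the last rejected REGISTER
    alerts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # The log has no year; a fixed leap year keeps "Feb 29" parseable.
        when = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        tid, msg = m.group(3), m.group(4)
        if (p := REG_PEER.search(msg)):
            pending[tid] = p.group(1)
        elif (f := REG_FAIL.search(msg)) and tid in pending:
            # The NOTICE from the same thread supplies the source IP.
            rejected[pending.pop(tid)] = (when, f.group(1))
        elif (c := CALL.search(msg)) and c.group(3) in rejected:
            seen, ip = rejected[c.group(3)]
            if timedelta(0) <= when - seen <= window:
                alerts.append({"peer": c.group(3), "ip": ip, "exten": c.group(1),
                               "context": c.group(2),
                               "delay_s": int((when - seen).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in find_calls_after_rejected_register(SAMPLE_LOG):
        print(alert)
```

The VERBOSE line does not carry a source address, so the IP in each alert is the one from the rejected registration, not necessarily the origin of the call itself.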