On Apr 11, 2010, at 10:06 AM, Zeeshan Zakaria wrote: > I don't k know if there is a tool to sniff passwords, but did you check in > /va/log/asterisk/full? Maybe wireshark can be used for this purpose, but > it'll be not that straight forward. > > Interestingly I checked log of my server and found out that I was also under > attack yesterday by an Amazon cloud server, IP 184.73.53.22. Thanks to > fail2ban the IP was blocked. But I guess I am now used to these attacks as it > is a routine now and so far fail2ban is working fine for me. But my server > (and now yours too) is in some hackers list of "asterisk favourites" and will > keep getting under attack. > > I'll now send an email to Amazon. > > Zeeshan A Zakaria > > --
We were also attacked from 184.73.53.2 yesterday and sent an email to their abuse (with no response). The interesting thing about this attack, was instead of just making registration attempts, it also tried to call extensions first... our dialplan doesn't allow for either but was unusual in that most aren't trying to dial an extension before regging them. -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
