if you know IP then ban with iptables

iptables -A INPUT -s IP -j REJECT

Martin

On Fri, Jun 11, 2010 at 8:41 PM, Martin <[email protected]> wrote:
> When will you people learn ... you set the secret=0000
> and it's one of the many frequent passwords most people set out of
> being lazy ...
>
> that simply says ... guess my password and call through my pbx for free ...
>
> so again ...
>
> 1) bad people scan extensions 100-199 and 1000-9999 trying to guess
> your password
> if you were nice enough to set it within a known statistical easy guess
>
> 2) either use complicated passwords and sip accounts other than
> 100-199 1000-9999 or install the fail2ban
>
> Martin
>
> On Fri, Jun 11, 2010 at 4:55 PM, sean darcy <[email protected]> wrote:
>> This is a small 12 line system, internal extensions 150 - 180. I didn't
>> have a phone on 151. Here's the sip.conf stanza:
>>
>> ;;[151]
>> ;;type=friend
>> ;;context=longdistance
>> ;;callerid="Conf Room" <151>
>> ;;secret=0000
>> ;;host=dynamic
>> ;;qualify=yes
>> ;;dtmfmode=rfc2833
>> ;;allow=all
>> ;;defaultuser=151
>> ;;nat=yes
>> ;;canreinvite=no
>>
>> There's no DISA. And then somehow (how???) ip address 79.117.17.247
>> becomes extension 151 and starts making calls to West Africa.
>>
>> Now contactdeny and contactpermit over solve the problem. For instance,
>> I can't register with my voip provider. I don't care about peers who I
>> make calls to, or receive calls from. I'm just stunned someone can
>> become a peer and make calls themselves.
>>
>> How do I fix this in some reasonable way.
>>
>> sean
>>
>> [Jun 10 15:51:19] VERBOSE[1662] chan_sip.c: -- Registered SIP '151'
>> at 79.117.17.247 port 5060
>> [Jun 10 15:51:20] NOTICE[1662] chan_sip.c: Peer '151' is now Reachable.
>> (161ms / 2000ms)
>> [Jun 10 15:51:20] NOTICE[1662] chan_sip.c: Received SIP subscribe for
>> peer without mailbox: 151
>> [Jun 10 15:51:21] VERBOSE[1662] netsock.c: == Using SIP RTP TOS bits 184
>> [Jun 10 15:51:21] VERBOSE[1662] netsock.c: == Using SIP RTP CoS mark 5
>> [Jun 10 15:51:21] VERBOSE[1662] netsock.c: == Using SIP VRTP CoS mark 6
>> [Jun 10 15:51:21] VERBOSE[1662] netsock.c: == Using UDPTL TOS bits 184
>> [Jun 10 15:51:21] VERBOSE[1662] netsock.c: == Using UDPTL CoS mark 5
>> [Jun 10 15:51:22] VERBOSE[4780] pbx.c: -- Executing
>> [01125240212...@longdistance:1] Answer("SIP/151-000000ae", "") in new stack
>> [Jun 10 15:51:22] VERBOSE[4780] pbx.c: -- Executing
>> [01125240212...@longdistance:2] Gosub("SIP/151-000000ae",
>> "DialOut,s,1(01125240212154
>> ,DAHDI/g0)") in new stack
>> .........
>> [Jun 10 15:51:22] VERBOSE[4780] pbx.c: -- Executing [...@dialout:9]
>> Dial("SIP/151-000000ae", "DAHDI/g0/01125240212154") in new stack
>> [Jun 10 15:51:22] VERBOSE[4780] chan_dahdi.c: -- Requested transfer
>> capability: 0x00 - SPEECH
>> [Jun 10 15:51:22] VERBOSE[4780] app_dial.c: -- Called g0/01125240212154
>> [Jun 10 15:51:22] VERBOSE[4780] app_dial.c: -- DAHDI/2-1 is
>> proceeding passing it to SIP/151-000000ae
>> [Jun 10 15:51:23] VERBOSE[4780] app_dial.c: -- DAHDI/2-1 is making
>> progress passing it to SIP/151-000000ae
>> [Jun 10 15:51:23] VERBOSE[4780] app_dial.c: -- DAHDI/2-1 is making
>> progress passing it to SIP/151-000000ae
>> [Jun 10 15:51:25] VERBOSE[4780] app_dial.c: -- SIP/151-000000ae
>> requested special control 16, passing it to DAHDI/2-1
>> [Jun 10 15:51:25] VERBOSE[4780] channel.c: -- Music class default
>> requested but no musiconhold loaded.
>> [Jun 10 15:51:25] VERBOSE[4780] app_dial.c: -- SIP/151-000000ae
>> requested special control 20, passing it to DAHDI/2-1
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>> http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
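
Added example, not part of the thread or of Asterisk: a small log check that flags chan_sip "Registered SIP" lines, in the format quoted above, whose source address is outside the phone network, and prints the ban rule from the reply for each one. The 192.168.1.0/24 network and the second and third sample lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: internal phones live on this network (constructed value).
ALLOWED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Matches the chan_sip registration line format quoted in the thread.
REGISTERED = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+VERBOSE\[\d+\]\s+chan_sip\.c:\s+--\s+"
    r"Registered SIP '(?P<peer>[^']+)' at (?P<ip>\S+) port (?P<port>\d+)"
)

# First line is from the thread (unwrapped); the other two are constructed.
SAMPLE_LOG = """\
[Jun 10 15:51:19] VERBOSE[1662] chan_sip.c: -- Registered SIP '151' at 79.117.17.247 port 5060
[Jun 10 15:52:02] VERBOSE[1662] chan_sip.c: -- Registered SIP '152' at 192.168.1.52 port 5060
[Jun 10 15:53:40] NOTICE[1662] chan_sip.c: Peer '152' is now Reachable. (12ms / 2000ms)
"""


def foreign_registrations(log_text, allowed=ALLOWED_NETS):
    """Return (timestamp, peer, ip) for registrations from outside `allowed`."""
    hits = []
    for line in log_text.splitlines():
        m = REGISTERED.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a literal address; never pass it on to a shell
        if not any(ip in net for net in allowed):
            hits.append((m.group("ts"), m.group("peer"), str(ip)))
    return hits


def ban_rules(hits):
    """One iptables rule per distinct source, in the form given in the reply."""
    return [f"iptables -A INPUT -s {ip} -j REJECT"
            for ip in sorted({ip for _, _, ip in hits})]


if __name__ == "__main__":
    for ts, peer, ip in foreign_registrations(SAMPLE_LOG):
        print(f"{ts}: peer {peer} registered from {ip}")
    print("\n".join(ban_rules(foreign_registrations(SAMPLE_LOG))))
```

The address is parsed with `ipaddress` before it is formatted into a rule, so a log field that is not a literal IP is dropped rather than reaching a command line.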
