Well, I'm not sure actually. I was attacked in June by someone who racked up between $800 and $900 in international calls to places in the middle of Africa, Korea, etc. So, I am motivated to secure this. I have made it much much more secure, definitely, but am looking for as many ways to further lock this down as possible.
I figure that I should filter every field that someone could possibly interact with Asterisk in case they send characters that might breach security and allow them some kind of access. Symbols like the ampersand (&), comma (,), forward slash (/), at (@), pipe (|), etc. I would guess could be bad.

Someone from Amsterdam was trying to register yesterday using an automated program which tried roughly 1,000 or so username password combinations before I shut asterisk down and added his/her ip to iptables to drop it. I wonder if I can configure the system to automatically detect such an attack in progress (e.g., 1,000+ registration failures from the same ip is an 'attack') and add the ip's to iptables, hosts.deny, etc. on the fly. That might be another topic I guess?

This experience has emphasized the importance of securing the system and security in asterisk in general. Any insight on this would be really appreciated!

Thanks!!

From: [email protected] [mailto:[email protected]] On Behalf Of mike mosier
Sent: Saturday, August 07, 2010 11:52 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Security - What inbound variables can attackers populate or use when calling? What kind of attack can they reform calling in?

On Aug 6, 2010 1:12 AM, <[email protected]> wrote:
> I am setting filters, etc. on variables that attackers can send asterisk
> when they call (for example when they initially call into asterisk).
>
> So far, I am filtering:
>
> exten
>
> CALLERID(name)
>
> CALLERID(num)
>
> What other fields or variables would an attacker be able to use in the
> packets that they send when placing the call to asterisk?
>
> Further, I am assuming that in the case that an attacker, first, simply
> dials in normally and then after reaching voice prompts or other, starts
> his/her attack, then all I need to filter in that case is exten. Anything
> else here as well?
>
> Thanks!!
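The automatic detection asked about in the message above (count registration failures per source IP and block the offenders with iptables) can be sketched as follows; this is an added example, not part of the original thread or of Asterisk. The log line format, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed chan_sip NOTICE format for a rejected REGISTER; compare with your own log.
# The From text is caller-supplied, so the greedy (.*) takes the address from the
# last "failed for" field on the line, the one Asterisk writes itself.
FAILED = re.compile(
    r"Registration from '(.*)' failed for '(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (.+)$")

def failures_by_ip(lines):
    """Count failed registrations per source IP."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(2)))] += 1
        except ValueError:
            pass  # not a valid IPv4 address, ignore the line
    return counts

def offenders(lines, threshold=1000, allowlist=()):
    """IPs with at least `threshold` failures, skipping trusted addresses."""
    return sorted(ip for ip, n in failures_by_ip(lines).items()
                  if n >= threshold and ip not in allowlist)

def iptables_rules(ips):
    """DROP rules as argument lists (for subprocess.run as root), no shell involved."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]

def sample_log():
    """Constructed log lines; all addresses are RFC 5737 documentation ranges."""
    head = "[Aug  7 10:15:01] NOTICE[2345] chan_sip.c: Registration from "
    lines = [f"{head}'\"{u}\" <sip:{u}@192.0.2.10>' failed for '203.0.113.7' - Wrong password"
             for u in range(1000, 2000)]
    lines += [f"{head}'<sip:201@192.0.2.10>' failed for '198.51.100.20' - Wrong password"] * 2
    # From text that imitates the log format must not change which IP is counted.
    lines.append(f"{head}'\"x' failed for '192.0.2.99' - y\" <sip:1@192.0.2.10>'"
                 " failed for '203.0.113.7' - No matching peer found")
    lines.append("[Aug  7 10:15:02] VERBOSE[2345] chan_sip.c: Registered SIP '201' at 198.51.100.20 port 5060")
    return lines

if __name__ == "__main__":
    for rule in iptables_rules(offenders(sample_log())):
        print(" ".join(rule))
```

In production the same counting is usually done over a sliding time window by a log-watching tool such as fail2ban, with your own trunks and phones on the allowlist so a misconfigured handset cannot lock itself out.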
