John,

I spoke about security last year at Astricon [1]. If I had to guess without even knowing what your setup is, I would say they either got in via an insecure phone (either default pass or one with a known security issue) or via a provisioning server. If you want, I can help poke around your system tomorrow to see if we can figure out how they get in.

Regards,

Dovid

[1] https://www.youtube.com/watch?v=9Wzzlo1kfTQ&t=1s

On Sun, Jun 16, 2019 at 6:37 PM John T. Bittner <[email protected]> wrote:

> Anyone know how someone can hack an asterisk box and register with every
> single account on the box.
>
> This box only has 3 accounts, with very complex passwords. Have VoIP
> blacklist setup and fail2ban…
>
> The hackers were able to make 2 calls to Cuba before my alerting system
> texted me.
>
> I am running asterisk 16.3 with PJSIP.
>
> This is my only box open to the outside world, a requirement for this one
> customer.
>
> Looked into my logs… can't find anything out of the ordinary.
>
> Any ideas?
>
> Contact: <Aor/ContactUri..............................> <Hash....> <Status> <RTT(ms)..>
> ==========================================================================================
>
> Contact: 12120001001/sip:[email protected]:9227 ee80678930 NonQual nan
> Contact: 848842405/sip: [email protected]:9227 031ed703ba NonQual nan
> Contact: 848842405/sip: [email protected]:9227 031ed703ba NonQual nan
> Contact: ghbhhm0000/sip:[email protected]:9227 959fc8fbf4 NonQual nan
> Contact: ghbhhm0000/sip:[email protected]:9227 959fc8fbf4 NonQual nan
> Contact: ghbhhm0000/sip:[email protected]:9228 d7bf838918 NonQual nan
> Contact: ghbhhm0000/sip:[email protected]:9228 d7bf838918 NonQual nan
>
> Any help is much appreciated.
>
> John Bittner
> CTO
> 380 US Highway 46, Suite 500
> Totowa, NJ 07512
> Phone: 201.806.2602 x2405
> Fax: 201.806.2604
> Cell: 973.390.1090
> www.xaccel.net
>
> *CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
> is for the sole use of the intended recipient(s) and may contain
> confidential and privileged information which should not be shared or
> forwarded. Any unauthorized review, use, disclosure or distribution is
> prohibited. If you are not the intended recipient, please contact the
> sender by reply e-mail and destroy all copies of the e-mail.*
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
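
An added example, not part of the original thread: a Python audit of `pjsip show contacts` output like the listing quoted above, flagging contacts that sit outside an AOR's expected networks and any single host registered on several AORs. The sample output, the `EXPECTED` allowlist and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `pjsip show contacts` output (documentation IP ranges).
SAMPLE = """\
  Contact:  <Aor/ContactUri..............................> <Hash....> <Status> <RTT(ms)..>
==========================================================================================

  Contact:  1001/sip:1001@198.51.100.20:5060             aaaa000001 Avail        12.345
  Contact:  1001/sip:1001@203.0.113.77:9227              bbbb000002 NonQual         nan
  Contact:  1002/sip:1002@203.0.113.77:9227              cccc000003 NonQual         nan
  Contact:  1003/sip:1003@203.0.113.77:9228              dddd000004 NonQual         nan
"""

# Hypothetical allowlist: networks each AOR is expected to register from.
EXPECTED = {aor: ["198.51.100.0/24"] for aor in ("1001", "1002", "1003")}

ROW = re.compile(r"^\s*Contact:\s+(?P<aor>[^/\s<]+)/(?P<uri>sips?:\S+)\s+"
                 r"(?P<hash>[0-9a-f]+)\s+(?P<status>\S+)\s+(?P<rtt>\S+)\s*$")
HOST = re.compile(r"@(?P<host>[0-9.]+)(?::\d+)?")  # IPv4 contact hosts only


def parse_contacts(text):
    """Return (aor, ip, status) for each contact row; the header row is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        h = HOST.search(m["uri"]) if m else None
        if h:
            rows.append((m["aor"], ipaddress.ip_address(h["host"]), m["status"]))
    return rows


def audit(text, expected, max_aors_per_host=1):
    """Flag contacts outside an AOR's expected networks and hosts spanning many AORs."""
    unexpected, by_host = [], defaultdict(set)
    for aor, ip, _status in parse_contacts(text):
        nets = [ipaddress.ip_network(n) for n in expected.get(aor, [])]
        if not any(ip in n for n in nets):
            unexpected.append((aor, str(ip)))
        by_host[str(ip)].add(aor)
    shared = {h: sorted(a) for h, a in by_host.items() if len(a) > max_aors_per_host}
    return unexpected, shared


if __name__ == "__main__":
    print(audit(SAMPLE, EXPECTED))
```

The contact URI host is whatever the client put in its Contact header unless the endpoint uses `rewrite_contact=yes`, so treat a flagged host as a lead and confirm it against the source address in the Asterisk logs.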
