Our provisioning servers listen on a high-numbered port. We generally don't have any issues with scanning...

Cheers,

j

On 6/18/19 7:18 AM, John Runyon wrote:
Just to jump in on this, this just started happening to our system a couple days ago. (To the tune of 3GB of webserver access logs yesterday) Our server gives them a 403 for /yealink/ (and a 404 for everything else) - given that they're still trying to bruteforce it, it looks like I'm gonna be changing it to give them a 404. Looks like someone's making a big effort to find provisioning files though.

On Mon, Jun 17, 2019, 13:35 John Kiniston <[email protected]> wrote:



    On Sun, Jun 16, 2019 at 3:37 PM John T. Bittner <[email protected]> wrote:

        Anyone know how someone can hack an Asterisk box and register
        with every single account on the box?

        This box only has 3 accounts, with very complex passwords.
        Have VoIP blacklist set up and fail2ban…


    I've seen this happen when web-based provisioning is used. I have
    seen attempts to download configuration files off of my
    provisioning server increase in frequency over the last two years.

    The 'Hacker' will do a GET on /polycom /cisco /yealink /aastra
    /mitel etc. If they get a valid response, they will start
    enumerating MAC addresses:

    /polycom/0004F2018101.cfg
    /polycom/0004F2018102.cfg
    ...
    /polycom/0004F2018109.cfg

    Then they will use any credentials gained in the download attack
    to place calls, registering as needed.

-- _____________________________________________________________________
    -- Bandwidth and Colocation Provided by http://www.api-digital.com --

    Check out the new Asterisk community forum at:
    https://community.asterisk.org/

    New to Asterisk? Start here:
    https://wiki.asterisk.org/wiki/display/AST/Getting+Started

    asterisk-users mailing list
    To UNSUBSCRIBE or update options visit:
    http://lists.digium.com/mailman/listinfo/asterisk-users
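
Added example, not part of any poster's message: one way to spot the MAC-enumeration pattern described in the thread in a provisioning web server's access log. The combined log format, the threshold of 3 distinct MACs per client, and the sample lines are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Vendor directories named in the thread; extend for your own provisioning tree.
VENDORS = ("polycom", "cisco", "yealink", "aastra", "mitel")
# Common/combined log format: client IP, request line, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|HEAD) (\S+)[^"]*" (\d{3})')
CFG_RE = re.compile(r"^/(%s)/([0-9A-Fa-f]{12})\.cfg$" % "|".join(VENDORS))

def find_mac_enumerators(lines, max_macs=3):
    """Return {ip: {"macs": n, "served": [paths answered 200]}} for clients that
    request more distinct MAC-named configs than max_macs (assumed threshold)."""
    macs = defaultdict(set)
    served = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, path, status = m.group(1), m.group(2).split("?")[0], m.group(3)
        cfg = CFG_RE.match(path)
        if not cfg:
            continue
        macs[ip].add(cfg.group(2).upper())
        if status == "200":
            # A served file means that phone's SIP credentials were exposed.
            served[ip].append(path)
    return {ip: {"macs": len(s), "served": served[ip]}
            for ip, s in macs.items() if len(s) > max_macs}

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [18/Jun/2019:07:00:0%d +0000] "GET /polycom/0004F201810%d.cfg HTTP/1.1" %d 512 "-" "-"'
    % (i, i, 200 if i == 3 else 404) for i in range(1, 10)
] + [
    # A real phone fetching only its own config, twice: must not be flagged.
    '203.0.113.20 - - [18/Jun/2019:07:01:00 +0000] "GET /yealink/001565AABBCC.cfg HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.20 - - [18/Jun/2019:08:01:00 +0000] "GET /yealink/001565AABBCC.cfg HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for ip, hit in find_mac_enumerators(SAMPLE_LOG).items():
        print(ip, "requested", hit["macs"], "distinct MACs; served:", hit["served"])
```

Any path in a flagged client's "served" list is a config file that was actually handed out, so the SIP password in it should be rotated.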


