At the risk of exposing secrets....

5- Use alpha characters in account names

One of my customers was alerted to a successful hack by their service provider (thanks Stephan!). The only accounts exploited were the two remaining ones that were still numeric, the rest started with an alpha "company code". These were not even touched.

Every instance of an attack I have seen uses three- or four-digit NUMBERS for the account name; I have yet to see an attack on accounts with letters in their names. Although account names are traditionally the "extension" number, Asterisk has no problem evaluating alphanumeric names. It's trivial to prepend dialled digits with a text string and strip it out again if needed.

regards,

Drew


Stephan Monette wrote:
Saurin,

Hackers usually do their work after normal business hours in most cases.

This is why you may see more activity during weekends, and especially if it's a long weekend.

Here are some tips for the community:

1- Always try to filter (using your router) incoming SIP packets based on static IP address, and only accept packets from your SIP provider and from known SIP extensions' IP addresses if possible.

2- Use strong passwords on all your web management interfaces.

3- Use strong passwords on all your trunks and IAX2 & SIP extensions.

4- If you do not make international calls, remove the 011... extension from your dialplan. Most hackers want to use your PBX to make international calls on your account.

These lines should help you protect your server. It's not a complete solution, but it will reduce your chances of being hacked.

A strong password should include a minimum of 8 digits, with a mix of numbers and letters.

Stephan Monette
Unlimitel Inc.

On 2010-10-31, at 12:33 PM, saurin ajmeri wrote:

Hi Guys,

Just wondering if anybody else is experiencing increasing attacks on Asterisk since last Friday. So far I have had almost 700 attempts, and Fail2ban has banned those IPs. It's a mix of attacks from all over the place, mostly from telecom companies in the Middle East, the UK, France and Russia.


Thanks,
Saurin

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
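Below is one chan_sip configuration that applies Stephan's tips 1 to 4 and Drew's tip 5 from this thread together. It is an added example for this page, not configuration posted by Drew, Stephan or Saurin. The company code "acme", the peer and trunk names, the addresses 203.0.113.10 and 198.51.100.0/24, and the secrets are all placeholders to be replaced; the directives used (deny/permit, allowguest, alwaysauthreject, CHANNEL(peername), CDR(userfield), the `same =>` shorthand) are standard in the Asterisk 1.6/1.8 chan_sip of the period.

```ini
; sip.conf -- added example for this thread; names, addresses and secrets are placeholders.
[general]
context=public            ; anything unauthenticated lands in a context that can dial nothing
allowguest=no             ; tip 1: refuse unauthenticated INVITEs outright
alwaysauthreject=yes      ; same 401 whether the user or the password is wrong: no name enumeration
bindaddr=0.0.0.0

; tip 1: the provider trunk only accepts traffic from the provider's static address.
[unlimitel-trunk]
type=peer
host=203.0.113.10                    ; assumed provider address
deny=0.0.0.0/0.0.0.0                 ; deny first, then permit the one address
permit=203.0.113.10/255.255.255.255
secret=T7v!qL2#pWx9sRk4              ; tip 3: long, mixed secret on the trunk too
insecure=invite                      ; provider does not authenticate INVITEs to us; the IP filter compensates
context=from-trunk

; tips 3 and 5: account names are "acme" + extension, not bare digits, with strong secrets,
; and registrations are only accepted from the office network the handsets sit on.
[acme201]
type=friend
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=198.51.100.0/255.255.255.0    ; assumed office LAN
secret=Gz5m#Qa8vN1tR3w!
context=from-internal
callerid="Desk 201" <201>

[acme202]
type=friend
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=198.51.100.0/255.255.255.0
secret=Hq9x!Lp2cB7sK4e#
context=from-internal
callerid="Desk 202" <202>

; extensions.conf -- added example for this thread.
[public]
; nothing reachable here: a guest or misrouted call is simply hung up.
exten => _X.,1,Hangup()

[from-trunk]
; inbound calls from the provider ring desk 201.
exten => _X.,1,Goto(from-internal,201,1)

[from-internal]
; tip 5: handsets still dial plain three-digit extensions; the dialplan prepends the
; company code so the dialled digits match the alphanumeric peer names above.
exten => _2XX,1,Dial(SIP/acme${EXTEN},20)
 same => n,Hangup()

; outbound national calls: recover the short number from the authenticated peer name
; by stripping the four-character "acme" prefix (Drew's "strip it out again") and
; record it for call accounting, then send the call out the trunk.
exten => _NXXNXXXXXX,1,Set(SHORTNUM=${CHANNEL(peername):4})
 same => n,Set(CDR(userfield)=${SHORTNUM})
 same => n,Dial(SIP/${EXTEN}@unlimitel-trunk,60)
 same => n,Hangup()

; tip 4: there is deliberately no _011. (or _00.) pattern in this context, so an
; international number dialled from a compromised account has no route at all.
```

After a `sip reload` and `dialplan reload`, `sip show peers` should list only the acme-prefixed peers and the trunk, and `dialplan show from-internal` should show no international pattern. Note that the alphanumeric name in tip 5 only keeps the account out of the scanners' numeric wordlists; the secret and the permit line are what actually stop a registration attempt that does guess the name.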
