I think what most people keep forgetting is that SIP is not the only attack vector; many boxes are compromised via their other services, which makes your SIP passwords easy picking. Look at trixbox, it's a kitchen sink.

Sent from my iPad

On Jan 21, 2013, at 5:58 PM, Henry Coleman <[email protected]> wrote:

> I had a few hacks into my Asterisk boxes over the years.
> I now use Fail2ban, which kicks out any hackers within a few SIP password
> attempts.
> My router is blocked against remote access and I only port forward the
> minimum SIP ports.
> I also block international calls on most trunks (using Unlimitel) except on
> one trunk, and give that PIN code access only.
> In my trunk route I only give access to friendly international dialling codes,
> i.e. 01144xx.
> Another possible hack uses the "S" default for incoming calls. I close this
> off by routing all non-identified DIDs to hang-up.
> If you are using the FreePBX GUI, make sure that anonymous calls are not allowed
> (general settings).
> Internal phones also allow only calls from a certain IP address and netmask.
> Make your SIP passwords very secure and long (you can use upper and
> lower case as well as !@#$%^&*()><?+ ).
> There may be other things one can do; they still try to hack but usually give
> up after a few attempts.
> I usually send an email of the fail2ban log file to the hack's IT provider; a
> few will reply saying they will be looking into it.
> These are usually ex-USSR countries, but the last hack attempt was from GAZA.
>
> Most hackers are looking for free international calls and they can rack up
> $50 worth of calls in a few minutes using 4 or 5 channels at once. Again, if
> you are using FreePBX you can restrict the number of simultaneous outgoing
> calls from an extension.
>
> If anyone has information that can improve on the above procedures, please
> share your information.
>
> Henry
>
>
> Henry L. Coleman
>
> ----- Forwarded Message -----
>> From: Stéphan Monette <[email protected]>
>> To: [email protected]
>> Cc: [email protected]
>> Sent: Monday, January 21, 2013 3:36:49 PM
>> Subject: Re: [on-asterisk] my Unlimitel SIP account is hacked again
>>
>> Roger,
>>
>> Just to make sure I didn't leave my list of userids and passwords in some
>> file with Google or somewhere else, I would first log in to the web portal
>> and reset my SIP and IAX passwords.
>>
>> I've seen a lot of people with their Hotmail, Gmail, Yahoo Mail accounts
>> hacked without them knowing about it. Sometimes the hackers are getting the
>> userids and passwords from the saved emails you have left in your Gmail or
>> other free email services! They usually look for bank account data, but they
>> would sell any good information to anyone willing to pay for it, including
>> SIP account info!
>>
>> In the past when I was working on the Unlimitel systems, we made sure the
>> usernames and passwords could not be guessed. We even stopped sending
>> passwords by email! And we would still see users having their passwords
>> stolen because they shared a Google Drive (Docs back then) with someone else
>> who got their Google account hacked!!!!
>>
>> After Primus took over, they even went an extra step by blocking any IP that
>> would fail to register a SIP account, to stop hackers from guessing Unlimitel
>> SIP passwords.
>>
>> The web portal is designed so that your browser does not cache any info! The
>> passwords are not even listed in TEXT on the web portal to make sure
>> customers with some sort of virus or malware could spy on your data! So if
>> the hackers were able to make calls using your SIP credentials, this means
>> they had the right data on hand and never got blocked because they never
>> failed the SIP authentication.
>>
>> So I would suggest resetting your passwords (using the web portal), and do not
>> save your password list anywhere on your computer or cloud storage services.
>>
>> That should stop them. If not, use a different tool or softphone!
>>
>>
>> On 2013-01-21, at 3:20 PM, Mark Brown <[email protected]> wrote:
>>
>>> Roger,
>>>
>>> Is there a chance the phone was compromised?
>>>
>>> You didn't say what phone or app you were using.
>>>
>>> Android phones seem to have a Swiss cheese security model, and many apps
>>> are not always as they seem.....
>>> I'm not sure the iPhones are much better.
>>> I've automatically discounted Windows phones.... :-)
>>>
>>> I have a remote ATA with Unlimitel, and I haven't had such a problem....
>>> yet.
>>>
>>> /M
>>>
>>> On 1/21/2013 9:33 AM, Yajie wrote:
>>>> This has been a pain in the ass. As soon as I make some international calls
>>>> for several days, my account will be hacked; the hacker made a lot of calls to
>>>> high rate countries in no time and my account will be blocked by Unlimitel.
>>>> This happened at least 5 times in the last two years. My friend has the same issue
>>>> too. Interestingly, I didn't use Asterisk to make calls recently, but a
>>>> SIP softphone on my cell phone, so there is no way a hacker can hack into
>>>> my Asterisk. I know Unlimitel has a much stricter password rule than any other
>>>> ITSP I used, but only Unlimitel got hacked every time. Do you guys know
>>>> why? Or should I really abandon Unlimitel's ship? Thanks!
>>>>
>>>>
>>>> Roger
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
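
The failed-registration blocking mentioned in this thread (Fail2ban on the PBX, IP blocking at the provider) comes down to counting authentication failures per source IP inside a time window. The sketch below is an added example, not code from any poster or from Fail2ban; the log lines are constructed, modelled on Asterisk chan_sip NOTICE messages, and the names `find_offenders`, `max_retry`, `find_time` and `ignore` are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation-range IPs), modelled on chan_sip NOTICE lines.
_LINE = ("[2013-01-21 {t}] NOTICE[2345] chan_sip.c: Registration from "
         "'\"{ext}\" <sip:{ext}@203.0.113.5>' failed for '{ip}:5060' - Wrong password")
SAMPLE_LOG = "\n".join(
    [_LINE.format(t=t, ext=ext, ip=ip) for t, ext, ip in [
        ("15:00:00", "1001", "203.0.113.77"),   # isolated failure, far from the next one
        ("15:20:01", "1001", "198.51.100.23"),  # guessing burst starts
        ("15:20:05", "1002", "198.51.100.23"),
        ("15:20:09", "1003", "198.51.100.23"),  # third failure inside the window
        ("15:20:12", "1004", "198.51.100.23"),
        ("15:25:00", "2001", "192.0.2.10"),     # internal phone with a mistyped password
        ("15:25:10", "2001", "192.0.2.10"),
        ("15:25:20", "2001", "192.0.2.10"),
        ("16:30:00", "1001", "203.0.113.77"),
        ("16:31:00", "1001", "203.0.113.77"),
    ]] + ["[2013-01-21 16:32:00] VERBOSE[2345] chan_sip.c: unrelated line"]
)

FAILED = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\].*? chan_sip\.c: Registration from "
    r"'.*' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - .+$"
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), ignore=()):
    """Return {ip: time the threshold was reached} for IPs with at least
    max_retry failed registrations inside a sliding find_time window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in ignore or m["ip"] in offenders:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            offenders[m["ip"]] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG, ignore={"192.0.2.10"}).items():
        print(f"block {ip} (threshold reached {when})")
```

A check of this kind only sees failed authentications, so calls placed with stolen but valid credentials, the case described in the forwarded message, produce no matching lines at all.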
