Mark,
So then the hacker was able to hack you by:
IP
SIP account name
SIP password
???
As you know, my IP and SIP account were hacked, but they were
unable to get the password. Would a static IP from your cell phone provider
help make a "guilty unless allowed access" strategy work?
Eric
-----Original Message-----
From: Mark Phillips [mailto:[email protected]]
Sent: Saturday, September 18, 2010 8:55 PM
To: AstLinux Users Mailing List
Subject: [Astlinux-users] Call Theft again - questions
Hi All,
Well, for the second time in about a month I've been the victim of call
theft to the tune of almost $1000. It would seem that someone is able to
acquire an extension on my AstLinux box and use it to call Somalia for a
few minutes at a time over and over again until I catch it.
Luckily this time my provider was on the lookout and trapped the theft
after about $250 of calls were made.
To get to the point, Broadvoice's call log shows that I made a good many
calls to a particular number in Somalia but my log does not. Indeed, my
log as viewed via the AstLinux Management web interface shows that the
last call made by one of my users was at around 10:30am today. The last
call to Somalia was at 5:48 tonight.
I have a number of questions all related to SIP security but my biggest
question is "why don't the calls show up in my log?" My provider can
show logs demonstrating that the Somalia calls came from my IP address
and I did spot the odd one or 2 towards the end originating from an
extension within my number plan.
So back to my SIP questions, I use a combination of hard and softphones
around the house and a softphone on my new Android phone. I occasionally
use a softphone on my laptop remotely via L2TP VPN.
Each entry in my sip.conf file has this in it:
deny=0.0.0.0/0.0.0.0
permit=192.168.201.0/255.255.255.0
permit=192.168.202.0/255.255.255.0
but yet still the hacker/thief was able to get in.
When I spotted the theft I noted that the thief was using exten 2201 (my
android softphone), the UA as reported by "sip show peer 2201" was
"MySIP" (an app I was never able to get working correctly) but yet my
Android wasn't running the MySIP softphone at the time.
Could it be that the MySIP app was in fact some sort of Android Trojan?
How well, if at all, do the deny/permit parameters in sip.conf work?
How well does the SIP module in AstLinux stand up to brute force attacks
(I'm assuming the thief tried that as well)?
I'm now so worried about another one of these occurrences that I'm
having to disable SIP access on my monoWall which in turn will impact my
ability to work.
Ideas??
Thanks
Mark
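An added audit script (not from the list or from AstLinux) that reads a sip.conf like the one quoted above and flags peer stanzas without a deny/permit fence, with a secret equal to the peer name or shorter than 8 characters, and a [general] section without alwaysauthreject=yes. The sample configuration is constructed; only the deny/permit lines mirror the post.

```python
import re
from collections import defaultdict

# Constructed sample sip.conf; peer 2201 carries the deny/permit lines from the post.
SAMPLE_SIP_CONF = """
[general]
alwaysauthreject=no
[2201]
type=friend
secret=2201
deny=0.0.0.0/0.0.0.0
permit=192.168.201.0/255.255.255.0
permit=192.168.202.0/255.255.255.0
[2202]
type=friend
secret=Xk9vQ2pL7mZ4wT3b
"""

def parse_sip_conf(text):
    """Parse sip.conf into {section: {key: [values]}}; repeated keys such as permit= are kept."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = re.match(r'^\[([^\]]+)\]', line)
        if m:
            current = m.group(1)
            sections[current] = defaultdict(list)
        elif current is not None and '=' in line:
            key, _, value = line.partition('=')
            sections[current][key.strip()].append(value.strip())
    return sections

def audit_sip_conf(text):
    """Return (section, finding) pairs for settings that widen the exposure of SIP peers."""
    conf = parse_sip_conf(text)
    findings = []
    if conf.get('general', {}).get('alwaysauthreject', ['no'])[0].lower() != 'yes':
        findings.append(('general', 'alwaysauthreject is not yes'))
    for name, opts in conf.items():
        if name == 'general':
            continue
        secret = opts.get('secret', [''])[0]
        if not secret:
            findings.append((name, 'no secret set'))
        elif secret == name or len(secret) < 8:
            findings.append((name, 'weak secret (equals peer name or shorter than 8 characters)'))
        if not any(d in ('0.0.0.0/0.0.0.0', '0.0.0.0/0') for d in opts.get('deny', [])):
            findings.append((name, 'no deny=0.0.0.0/0.0.0.0, so any source address may register'))
        if any(p.startswith('0.0.0.0') for p in opts.get('permit', [])):
            findings.append((name, 'permit covers every address'))
    return findings

if __name__ == '__main__':
    for section, finding in audit_sip_conf(SAMPLE_SIP_CONF):
        print(f'[{section}] {finding}')
```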
----------------------------------------------------------------------------
--
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
[email protected].