Re: [asterisk-users] My Asterisk Box was hacked
Hello!

First of all, you should disable unused VoIP protocols. Then remove all guest accounts from used protocols, disable guest unauth access. Always use strong passwords for accounts, for users on your system. Passwords shouldn't be eq username. Move port binds on LAN network for all active services as much as you can (i.e. SSH should be on WAN too I think). Use iptables for blocking password bruteforce. Try to install fail2ban with jails for asterisk, ssh, HTTP and other public services. Then you can try to install PSAD (port scan autodetect) to prevent attacks. And never use default context in asterisk for word calls directions. And you should always keep your software up to date. There are many more security issues than you think.

Good Luck!

On 21.07.2011 09:29, Malvin Rito wrote:
> Hi List,
>
> My asterisk box was hacked! Can anyone help on how do I secure my asterisk box, currently my box is installed with 2 NIC. 1st NIC is for LAN access and 2nd NIC has a public IP which is registered to our VoIP Provider. As I remember I already tried putting our Box on NAT but unfortunately due to some issue like call is dropped after 30 seconds and sometimes voice are not heard. Then we disable again the NAT.
>
> Your advice will be much appreciated. Thanks in advance.
>
> Regards,
> Malvin

--
Bandwidth and Colocation Provided by http://www.api-digital.com
New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
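A small audit for three of the points in the reply above (guest access, passwords equal to the username, use of the default context), as an added example that is not part of the original thread. It assumes the chan_sip driver and its sip.conf layout; the sample configuration, peer names and the 12-character threshold are constructed for illustration.

```python
import re

# Constructed sample sip.conf (not from the thread); names and secrets are made up.
SAMPLE_SIP_CONF = """\
[general]
context=default
allowguest=yes

[100]
type=friend
secret=100
context=internal

[reception]
type=friend
secret=Xk9#vT2p!qLm84
context=internal
"""

def parse_sections(text):
    """Parse Asterisk-style config text into {section: {key: last value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        match = re.match(r"\[([^\]]+)\]", line)
        if match:
            current = sections.setdefault(match.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections

def audit_sip_conf(text, min_secret_len=12):
    """Return (section, finding) pairs for the weaknesses listed in the reply."""
    findings = []
    sections = parse_sections(text)
    # chan_sip allows guest calls unless allowguest=no is set explicitly.
    if sections.get("general", {}).get("allowguest", "yes").lower() != "no":
        findings.append(("general", "guest calls allowed (set allowguest=no)"))
    for name, opts in sections.items():
        if opts.get("context", "").lower() == "default":
            findings.append((name, "uses the default context"))
        if "type" not in opts:  # only sections that define a peer/user/friend
            continue
        secret = opts.get("secret", "")
        if secret in ("", name, opts.get("username")):
            findings.append((name, "secret missing or equal to the account name"))
        elif len(secret) < min_secret_len:
            findings.append((name, "secret shorter than %d characters" % min_secret_len))
    return findings
```

Calling `audit_sip_conf(open("/etc/asterisk/sip.conf").read())` on a real box gives the same kind of list; the path is the usual default and may differ on your install.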
Re: [asterisk-users] My Asterisk Box was hacked
Thanks. Any link for me to check for the procedure to implement those?

Regards,
Malvin

On 7/21/2011 1:59 PM, Захаров Антон wrote:
> Hello!
>
> First of all, you should disable unused VoIP protocols. Then remove all guest accounts from used protocols, disable guest unauth access. Always use strong passwords for accounts, for users on your system. Passwords shouldn't be eq username. Move port binds on LAN network for all active services as much as you can (i.e. SSH should be on WAN too I think). Use iptables for blocking password bruteforce. Try to install fail2ban with jails for asterisk, ssh, HTTP and other public services. Then you can try to install PSAD (port scan autodetect) to prevent attacks. And never use default context in asterisk for word calls directions. And you should always keep your software up to date. There are many more security issues than you think.
>
> Good Luck!
>
> On 21.07.2011 09:29, Malvin Rito wrote:
> > Hi List,
> >
> > My asterisk box was hacked! Can anyone help on how do I secure my asterisk box, currently my box is installed with 2 NIC. 1st NIC is for LAN access and 2nd NIC has a public IP which is registered to our VoIP Provider. As I remember I already tried putting our Box on NAT but unfortunately due to some issue like call is dropped after 30 seconds and sometimes voice are not heard. Then we disable again the NAT.
> >
> > Your advice will be much appreciated. Thanks in advance.
> >
> > Regards,
> > Malvin
Re: [asterisk-users] My Asterisk Box was hacked
On 21.07.2011 09:29, Malvin Rito wrote:
> > My asterisk box was hacked!

On Thu, 21 Jul 2011, Захаров Антон wrote:
> First of all, you should disable unused VoIP protocols.

Once a box has been hacked you cannot trust anything.

Disconnect the box from the network, save whatever DATA ONLY you cannot live without, DBAN the disk and start over.

Before you re-install the OS, read up on what you should have done the first time.

--
Thanks in advance,
- Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
Re: [asterisk-users] My Asterisk Box was hacked
Yeap, drop out box is normal idea. But it's strongly wired what type of hack was. If it was only traffic leak without any footsteps in your system (shell history, files modification time, logs) I don't think that box couldn't be used any longer.

Try to use port knocking ( http://www.portknocking.org/ ) for opening SSH ports for more secure access.

And if you have enough time, box could be reinstalled. Malvin Rito is right. Attacker could place rootkit on your system that couldn't be easily detected.

On 21.07.2011 10:31, Steve Edwards wrote:
> On 21.07.2011 09:29, Malvin Rito wrote:
> > My asterisk box was hacked!
>
> On Thu, 21 Jul 2011, Захаров Антон wrote:
> > First of all, you should disable unused VoIP protocols.
>
> Once a box has been hacked you cannot trust anything.
>
> Disconnect the box from the network, save whatever DATA ONLY you cannot live without, DBAN the disk and start over.
>
> Before you re-install the OS, read up on what you should have done the first time.
Re: [asterisk-users] My Asterisk Box was hacked
Really, since you sound like a novice in the Asterisk world, maybe rolling your own solution isn't a good idea. Why not use an all-in-one solution like PBX in a Flash?

-Original Message-
From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Malvin Rito
Sent: Thursday, July 21, 2011 1:29 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] My Asterisk Box was hacked

Hi List,

My asterisk box was hacked! Can anyone help on how do I secure my asterisk box, currently my box is installed with 2 NIC. 1st NIC is for LAN access and 2nd NIC has a public IP which is registered to our VoIP Provider. As I remember I already tried putting our Box on NAT but unfortunately due to some issue like call is dropped after 30 seconds and sometimes voice are not heard. Then we disable again the NAT.

Your advice will be much appreciated. Thanks in advance.

Regards,
Malvin
Re: [asterisk-users] My Asterisk Box was hacked
On Thu, 21 Jul 2011 13:29:09 +0800 Malvin Rito mr...@mail.altcladding.com.ph wrote:
> My asterisk box was hacked! Can anyone help on how do I secure my asterisk box, currently my box is installed with 2 NIC. 1st NIC is for LAN access and 2nd NIC has a public IP which is registered to our VoIP Provider.

Seven Steps to Better SIP Security with Asterisk
http://blogs.digium.com/2009/03/28/sip-security/
Re: [asterisk-users] My Asterisk Box was hacked
When I get hacked I typically run a rootkit checker http://www.chkrootkit.org/

-Original Message-
From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Chad Wallace
Sent: Thursday, July 21, 2011 2:18 PM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] My Asterisk Box was hacked

On Thu, 21 Jul 2011 13:29:09 +0800 Malvin Rito mr...@mail.altcladding.com.ph wrote:
> My asterisk box was hacked! Can anyone help on how do I secure my asterisk box, currently my box is installed with 2 NIC. 1st NIC is for LAN access and 2nd NIC has a public IP which is registered to our VoIP Provider.

Seven Steps to Better SIP Security with Asterisk
http://blogs.digium.com/2009/03/28/sip-security/
Re: [asterisk-users] My Asterisk Box was hacked
On Thu, 21 Jul 2011, Robert Huddleston wrote:
> When I get hacked I typically run a rootkit checker http://www.chkrootkit.org/

How often do you get hacked? How are 'they' breaking in?

--
Thanks in advance,
- Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
Re: [asterisk-users] My Asterisk Box was hacked
Are you sure your box was actually hacked? Or did someone take advantage of a configuration error?
[asterisk-users] My Asterisk Box was hacked
Hi List,

My asterisk box was hacked! Can anyone help on how do I secure my asterisk box, currently my box is installed with 2 NIC. 1st NIC is for LAN access and 2nd NIC has a public IP which is registered to our VoIP Provider. As I remember I already tried putting our Box on NAT but unfortunately due to some issue like call is dropped after 30 seconds and sometimes voice are not heard. Then we disable again the NAT.

Your advice will be much appreciated. Thanks in advance.

Regards,
Malvin