In the past little while, we've seen
a wave of attacks on asterisk, via the
provisioning.
It goes something like this:
A. scan for IP phones on the internet,
either via spotting something on port 5060,
or via the port 80 web interface for the phone.
Or, use web sites that scan the
On 5/22/2014 12:41 PM, Steve Murphy wrote:
So, these defenses can be employed to stop/ameliorate such
hacking efforts:
1. Keep your phones behind a firewall. Travellers, beware!
Never leave the default login info of the phone at default!
2. Never use the default provisioning URL for the
On Mon, 2011-12-05 at 18:51 -0800, Steve Edwards wrote:
snip
Your security needs depend on your environment. At this point in time,
all of the hosts I manage for my clients exist in very limited
environments and have very small attack surfaces. They are racked in
secure data centers. They
On Tue, Dec 6, 2011 at 5:19 AM, Hans Witvliet aster...@a-domani.nl wrote:
On Mon, 2011-12-05 at 18:51 -0800, Steve Edwards wrote:
snip
Your security needs depend on your environment. At this point in time,
all of the hosts I manage for my clients exist in very limited
environments and have
Well, that means opening up VPN connections from everywhere. That's why
I suggested turning off the server completely.
hmmm - I thought that was the point of a vpn
--
_
-- Bandwidth and Colocation Provided by
On Fri, Dec 2, 2011 at 11:35 AM, Jim Lucas li...@cmsws.com wrote:
On 11/26/2011 5:00 PM, C F wrote:
On Sat, Nov 26, 2011 at 7:50 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
On Sat, 26 Nov 2011, Terry Brummell wrote:
Install Configure Fail2Ban then the host will be blocked from
(This horse just won't stay dead...)
My apologies if I mis-attribute who wrote what.
On Fri, Dec 2, 2011 at 11:35 AM, Jim Lucas li...@cmsws.com wrote:
How is using Fail2Ban less resource intensive than me writing (by hand)
iptable rules?
On Mon, 5 Dec 2011, C F wrote:
Sorry I wasn't very
On Mon, Dec 5, 2011 at 9:51 PM, Steve Edwards asterisk@sedwards.com wrote:
(This horse just won't stay dead...)
My apologies if I mis-attribute who wrote what.
On Fri, Dec 2, 2011 at 11:35 AM, Jim Lucas li...@cmsws.com wrote:
How is using Fail2Ban less resource intensive than me
On 11/26/2011 5:00 PM, C F wrote:
On Sat, Nov 26, 2011 at 7:50 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
On Sat, 26 Nov 2011, Terry Brummell wrote:
Install Configure Fail2Ban then the host will be blocked from
connecting. And no, it's not new.
I don't need Fail2Ban, thank
-Commercial Discussion
Subject: Re: [asterisk-users] A new hack?
On 11/26/2011 5:00 PM, C F wrote:
On Sat, Nov 26, 2011 at 7:50 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
On Sat, 26 Nov 2011, Terry Brummell wrote:
Install Configure Fail2Ban then the host will be blocked from
On Fri, 2 Dec 2011, Jim Lucas wrote:
How is using Fail2Ban less resource intensive than me writing (by hand)
iptable rules?
It depends on how you define resources and how much of those resources you
have.
Gordon (based on my understanding of his posts) does a lot of Asterisk
systems on
On 12/2/2011 12:44 PM, Steve Edwards wrote:
On Fri, 2 Dec 2011, Jim Lucas wrote:
How is using Fail2Ban less resource intensive than me writing (by
hand) iptable rules?
It depends on how you define resources and how much of those resources
you have.
Gordon (based on my understanding of his
On Fri, Dec 2, 2011 at 12:44 PM, Steve Edwards
asterisk@sedwards.com wrote:
Gordon (based on my understanding of his posts) does a lot of Asterisk
systems on very limited hardware hosts. His approach uses iptables features
to limit the number of SIP INVITES and REGISTERS per second per IP
On Tue, 29 Nov 2011, C F wrote:
On Mon, Nov 28, 2011 at 10:57 AM, Tom Browning ttbrown...@gmail.com wrote:
On Sun, Nov 27, 2011 at 8:47 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
Linux has excellent built-in subsystems to control firewalling and so on
without resorting to external
On Wed, 30 Nov 2011, Tom Browning wrote:
On Tue, Nov 29, 2011 at 4:44 PM, john Millican j...@millican.us wrote:
Maybe I am misunderstanding the gist of the comment
OP offered an invalid comparison of how iptables is better than Fail2Ban.
Whether or not OP knew that Fail2Ban simply feeds
On Wed, 30 Nov 2011, jon pounder wrote:
On 11/30/2011 09:01 AM, Tom Browning wrote:
I agree - it's a bad comparison of 2 different things meant for different
purposes.
iptables is enforcement, fail2ban is detection.
iptables can also detect and log these detections.
if you have time to
On Tue, 29 Nov 2011, C F wrote:
BTW, you were just proven wrong, you need it for this hack.
In addition to the few hundred protected asterisk installations I run, I
also run a few honeypots.
Gordon
On Thu, Dec 1, 2011 at 8:13 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
Yes, I know exactly how Fail2Ban works.
Then you should be able to proffer a better argument of why it isn't necessary.
On Thu, Dec 1, 2011 at 8:15 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
On Tue, 29 Nov 2011, C F wrote:
BTW, you were just proven wrong, you need it for this hack.
In addition to the few hundred protected asterisk installations I run, I
also run a few honeypots.
Protected? You
On Tue, Nov 29, 2011 at 4:44 PM, john Millican j...@millican.us wrote:
Maybe I am misunderstanding the gist of the comment
OP offered an invalid comparison of how iptables is better than Fail2Ban.
Whether or not OP knew that Fail2Ban simply feeds rules to iptables is
unclear from his comments.
On 11/30/2011 09:01 AM, Tom Browning wrote:
I agree - it's a bad comparison of 2 different things meant for different
purposes.
iptables is enforcement, fail2ban is detection.
if you have time to sit and make up iptables rules by hand during every
hack attempt
1) you have too much time on
On Sun, Nov 27, 2011 at 8:47 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
On Sat, 26 Nov 2011, C F wrote:
On Sat, Nov 26, 2011 at 7:50 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
On Sat, 26 Nov 2011, Terry Brummell wrote:
Install Configure Fail2Ban then the host will
On Mon, Nov 28, 2011 at 10:57 AM, Tom Browning ttbrown...@gmail.com wrote:
On Sun, Nov 27, 2011 at 8:47 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
Linux has excellent built-in subsystems to control firewalling and so on
without resorting to external programs. It's called iptables.
On 11/29/2011 12:48 PM, C F wrote:
On Mon, Nov 28, 2011 at 10:57 AM, Tom Browning ttbrown...@gmail.com wrote:
On Sun, Nov 27, 2011 at 8:47 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
Linux has excellent built-in subsystems to control firewalling and so on
without resorting to
On Sun, Nov 27, 2011 at 8:47 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
Linux has excellent built-in subsystems to control firewalling and so on
without resorting to external programs. It's called iptables. If you know
how to use them, then using an external resource such as
On Sat, 26 Nov 2011, C F wrote:
On Sat, Nov 26, 2011 at 7:50 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
On Sat, 26 Nov 2011, Terry Brummell wrote:
Install Configure Fail2Ban then the host will be blocked from
connecting. And no, it's not new.
I don't need Fail2Ban, thank you.
Or just an old one that I've not noticed before...
Seeing lines like this in the logs:
[Nov 26 08:47:17] NOTICE[789] chan_sip.c: Sending fake auth rejection for user VOIP
sip:VOIP@85.25.145.176;tag=E2lb2p9BOJ
[Nov 26 08:47:17] NOTICE[789] chan_sip.c: Sending fake auth rejection for user VOIP
To: Asterisk Users Mailing List Discussion
Subject: [asterisk-users] A new hack?
Or just an old one that I've not noticed before...
Seeing lines like this in the logs:
[Nov 26 08:47:17] NOTICE[789] chan_sip.c: Sending fake auth rejection
for user VOIP sip:VOIP@85.25.145.176;tag=E2lb2p9BOJ
[Nov 26 08
...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Gordon
Henderson
Sent: Saturday, November 26, 2011 6:55 AM
To: Asterisk Users Mailing List Discussion
Subject: [asterisk-users] A new hack?
Or just an old one that I've not noticed before...
Seeing lines like
On Sat, Nov 26, 2011 at 7:50 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
On Sat, 26 Nov 2011, Terry Brummell wrote:
Install Configure Fail2Ban then the host will be blocked from
connecting. And no, it's not new.
I don't need Fail2Ban, thank you. But your advice might be useful
30 matches