[asterisk-users] Unregistred users can pass calls, peer being static

2010-01-27 Thread Administrator TOOTAI
Hi, we had an attack on a server and we don't understand how it was possible, Asterisk 1.4.28/Debian Lenny 5.1 Attacker came from PALTEL, network 188.161.128.0/18 Hacked account had following setup: [111] type=friend username=111 context=from-111 host=11.22.33.44 dtmfmode=auto qualify=yes

Re: [asterisk-users] Unregistred users can pass calls, peer being static

2010-01-27 Thread wins mallow
On Wed, 2010-01-27 at 11:47 +0100, Administrator TOOTAI wrote: Hi, we had an attack on a server and we don't understand how it was possible, Asterisk 1.4.28/Debian Lenny 5.1 Attacker came from PALTEL, network 188.161.128.0/18 Hacked account had following setup: [111] type=friend

Re: [asterisk-users] Unregistred users can pass calls, peer being static

2010-01-27 Thread Olle E. Johansson
27 jan 2010 kl. 11.47 skrev Administrator TOOTAI: Hi, we had an attack on a server and we don't understand how it was possible, Asterisk 1.4.28/Debian Lenny 5.1 Attacker came from PALTEL, network 188.161.128.0/18 Hacked account had following setup: [111] type=friend username=111

Re: [asterisk-users] Unregistred users can pass calls, peer being static

2010-01-27 Thread Administrator TOOTAI
wins mallow a écrit : On Wed, 2010-01-27 at 11:47 +0100, Administrator TOOTAI wrote: [...] Check your sip.conf allowguest=no Guest are allowed and going to a different context. Logs are showing that calls are going out to the from-111 context, so its this account which was

Re: [asterisk-users] Unregistred users can pass calls, peer being static

2010-01-27 Thread Administrator TOOTAI
Olle E. Johansson a écrit : 27 jan 2010 kl. 11.47 skrev Administrator TOOTAI: Hi, we had an attack on a server and we don't understand how it was possible, Asterisk 1.4.28/Debian Lenny 5.1 Attacker came from PALTEL, network 188.161.128.0/18 Hacked account had following setup:

Re: [asterisk-users] Unregistred users can pass calls, peer being static

2010-01-27 Thread Kevin P. Fleming
Administrator TOOTAI wrote: Olle E. Johansson a écrit : 27 jan 2010 kl. 11.47 skrev Administrator TOOTAI: Hi, we had an attack on a server and we don't understand how it was possible, Asterisk 1.4.28/Debian Lenny 5.1 Attacker came from PALTEL, network 188.161.128.0/18 Hacked

Re: [asterisk-users] Unregistred users can pass calls, peer being static

2010-01-27 Thread Håkon Nessjøen
On Wed, Jan 27, 2010 at 6:10 PM, Kevin P. Fleming kpflem...@digium.comwrote: 1) When a sip.conf entry is defined as 'type=friend' *and* has a specific host IP address (not dynamic), we could just ignore the 'user' part and create only the 'peer' part. This would result in incoming calls being

Re: [asterisk-users] Unregistred users can pass calls, peer being static

2010-01-27 Thread Administrator TOOTAI
Hi Kevin Kevin P. Fleming a écrit : [...] This conversation brings to mind two possible ways we could improve Asterisk to help users from falling into this trap: 1) When a sip.conf entry is defined as 'type=friend' *and* has a specific host IP address (not dynamic), we could just ignore the