"asterisk" keeps calling extensions..been hacked?

Discussion in 'General' started by tbooth, Mar 17, 2011.

  1. tbooth

    Phones will ring and caller ID says "asterisk"; pick it up and it's dead air.

    CRD=2011-03-17 00:14:49 asterisk s SIP/194.28.114.3-08c254d0

    I have no idea what 194.28.114.3 is??

    Search says MOLDOVA, REPUBLIC OF
     
  2. fmvillares

    Yep, you were hacked or are being attacked... BTW, you have anonymous SIP enabled, right? And an old Asterisk version?
     
  3. dicko

    tbooth:

    Time for a firewall maybe?

    dicko
     
  4. tbooth

    Yes, anonymous SIP calls are enabled. This system uses only Vitelity SIP trunks, no analog.

    asterisk version 1.4.22
    elastix 1.5.2-2

    If I disable anonymous SIP calls, won't my Vitelity trunks stop registering?
     
  5. dicko

    If you have Vitelity send your calls to your IP, you will need to allow anonymous calls; if you register your server against your account there with a registration, then you can disallow it.

    rasterisk -x 'sip show registry'
     
  6. fmvillares

    And you have an Asterisk 1.4.22 from 2009 on the open internet... it's like walking in the streets of Bangladesh with a car full of food...
     
  7. tbooth

    OK, so this particular account does not have a static IP; they register the account. I will turn it off. Thanks, I did not know that.
     
  8. fmvillares

    Only turning that off is not going to solve anything, as you have more security holes than Windows. You need to upgrade the whole system ASAP.
     
  9. tbooth

    I agree. Working on iptables as well. Thanks.
     
  10. fmvillares

    Again, the same: iptables leaves port 5060 open, and the RTP too, so anyone with a brute-force scan should and can hack into your system using any of the vulnerabilities that 1.4.22 has...
    Up to today there are more than 100 ways to attack an old 1.4.22 Asterisk via SIP only... Look in downloads.asterisk.org security and the changelog from 1.4.22 to the current 1.4.40.
    It's up to you then to get hacked over and over again.
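
Added example (not posted by anyone in this thread): a small Python check that scans call records in the layout tbooth pasted and groups calls whose SIP channel is named after a bare IP address, which is how the call from 194.28.114.3 shows up. The `vitelity-in` peer name, the extra sample lines and the trusted address are constructed, and reading an IP-named channel as a guest call is an assumption stated in the code.

```python
import ipaddress
import re
from collections import defaultdict

# Layout of the line tbooth posted: date, time, caller ID, destination, channel.
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<clid>\S+)\s+"
    r"(?P<dst>\S+)\s+SIP/(?P<peer>.+)-(?P<uid>[0-9a-f]{8})\s*$"
)

def find_guest_calls(lines, trusted_ips=()):
    """Group calls whose SIP channel is named after a bare IP address.

    Assumption: a channel called SIP/<ip>-<id> instead of SIP/<peername>-<id>
    means the INVITE matched no configured peer and came in as a guest call.
    trusted_ips lists provider addresses that are expected to do this.
    """
    trusted = {ipaddress.ip_address(ip) for ip in trusted_ips}
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a call record in the posted layout
        try:
            ip = ipaddress.ip_address(m.group("peer"))
        except ValueError:
            continue  # channel carries a peer name, so it matched a peer
        if ip in trusted:
            continue
        rec = hits[str(ip)]
        rec["count"] += 1
        rec["first"] = rec["first"] or m.group("ts")
        rec["last"] = m.group("ts")
    return dict(hits)

# First line is the one from the thread; the rest are constructed samples.
SAMPLE = """\
CRD=2011-03-17 00:14:49 asterisk s SIP/194.28.114.3-08c254d0
CRD=2011-03-17 00:15:02 asterisk s SIP/194.28.114.3-08c261a4
CRD=2011-03-17 09:30:11 5551230000 s SIP/vitelity-in-0a1b2c3d
CRD=2011-03-17 09:41:57 5551230001 s SIP/198.51.100.7-0a1b2c4e
""".splitlines()

if __name__ == "__main__":
    for ip, rec in find_guest_calls(SAMPLE, trusted_ips=["198.51.100.7"]).items():
        print(f"{ip}: {rec['count']} guest call(s), {rec['first']} .. {rec['last']}")
```

Addresses reported here are candidates for a firewall rule or for review once anonymous SIP is switched off.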
     
