"asterisk" keeps calling extensions..been hacked?

tbooth

Joined
Feb 24, 2007
Messages
338
Likes
0
Points
0
#1
phones will ring and caller ID says "asterisk" pick it up and its dead air.

CRD=2011-03-17 00:14:49 asterisk s SIP/194.28.114.3-08c254d0

I have no idea what 194.28.114.3 is??

Search says MOLDOVA, REPUBLIC OF
 

fmvillares

Joined
Sep 8, 2007
Messages
1,785
Likes
0
Points
0
#2
yeap u were hacked or being ataqued...btw u have anonymous sip enabled right? and an old asterisk version ?
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#3
tbooth:

Time for a firewall maybe?

dicko
 

tbooth

Joined
Feb 24, 2007
Messages
338
Likes
0
Points
0
#4
yes anonymous sip calls is enabled. This system uses only Vitelity sip trunks no analog.

asterisk version 1.4.22
elastix 1.5.2-2

If I disable anonymous sip calls wont my Vitelity trunks stop registering?
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#5
If you have Vitelity send your calls to your IP you will need to allow anonymous calls, if you register your server against your account there with a registration then you can disallow it

rasterisk -x 'sip show registry'
 

fmvillares

Joined
Sep 8, 2007
Messages
1,785
Likes
0
Points
0
#6
and u have an asterisk 1.4.22 from 2009 in open internet..is like walking in the streets of bangladesh with a car full of food...
 

tbooth

Joined
Feb 24, 2007
Messages
338
Likes
0
Points
0
#7
OK. so this particular account does not have a static ip they register the account. I will turn it off. Thanks I did not know that.
 

fmvillares

Joined
Sep 8, 2007
Messages
1,785
Likes
0
Points
0
#8
only turning that off is not going to solve anything as you have more security holes that windows you need to upgrade all the system ASAP
 

tbooth

Joined
Feb 24, 2007
Messages
338
Likes
0
Points
0
#9
I agree working on IP tables as well. Thanks.
 

fmvillares

Joined
Sep 8, 2007
Messages
1,785
Likes
0
Points
0
#10
again the same ip tables let the 5060 port open and the rtp too so anyone with a brute force scan should and can hack in into your system using any of the vulnerabilities that 1.4.22 has...
up to today there are more that 100 ways to attack and old 1.4.22 asterisk via sip only...look in downloads.asterisk.org security and the changelog since 1.4.22 to actual 1.4.40
its up to you then to get hacked over and over again
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,902
Messages
130,887
Members
17,566
Latest member
Fpino
Top