Problem possible hack

Discussion in 'General' started by bandaampla, Mar 8, 2010.

  1. bandaampla

    Joined:
    Jul 14, 2009
    Messages:
    20
    Likes Received:
    0
    Hi there.

    I'm having big big problems with my Elastix box.

    We're from Spain and we have our Elastix behind a firewall, allowing connection to Elastix only from our office. What happens is that someone is connecting and making calls from an extension. How is this possible? We're using version 1.5-9.

    Hello everyone.

    We have a big problem with our Elastix PBX. We are from Spain and we have our PBX behind a firewall. We can connect to the PBX only from our office's IP, but someone from outside is making calls to a 905 number that costs 30
     
  2. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    If you are indeed isolated totally by your firewall, then you should question your internal users; the IP address of the extension making the call will usually be apparent in the /var/log/asterisk/full* files.

    If, as I suspect, you have an external VOIP provider and DO allow inbound connections on udp/5060 (SIP signaling), then you should restrict your firewall to only accept such connections from your VOIP provider (same for IAX2 connections).

    As a bare minimum, update Asterisk and add

    alwaysauthreject=yes

    to

    /etc/asterisk/sip_general_additional.conf

    and read the other posts here for fail2ban which will dynamically notice hacking attempts and deny access to those entities.

    dicko
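
The log check suggested in the post above, as an added example that is not part of the original thread: it scans Asterisk log text for repeated failed SIP registrations per source IP and for extensions registered from outside the trusted network. The sample lines are constructed and modelled on chan_sip messages (exact wording varies by Asterisk version); the function name `audit`, the trusted range 10.0.0.0/24 and the threshold are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of /var/log/asterisk/full (not real data).
SAMPLE_LOG = """\
[2010-03-08 09:58:12] NOTICE[2871] chan_sip.c: Registration from '"204" <sip:204@192.0.2.10>' failed for '198.51.100.23' - No matching peer found
[2010-03-08 09:58:13] NOTICE[2871] chan_sip.c: Registration from '"205" <sip:205@192.0.2.10>' failed for '198.51.100.23' - Wrong password
[2010-03-08 09:58:14] NOTICE[2871] chan_sip.c: Registration from '"205" <sip:205@192.0.2.10>' failed for '198.51.100.23' - Wrong password
[2010-03-08 10:01:40] VERBOSE[2871] logger.c:     -- Registered SIP '201' at 10.0.0.15 port 5060 expires 3600
[2010-03-08 10:02:05] VERBOSE[2871] logger.c:     -- Registered SIP '205' at 198.51.100.23 port 5060 expires 3600
"""

# Failed registration: capture the source IP (some versions append ":port").
FAILED = re.compile(r"Registration from '.*' failed for '(?P<ip>[0-9.]+)(?::\d+)?' - ")
# Successful registration: capture the extension and the IP it registered from.
REGISTERED = re.compile(r"Registered SIP '(?P<ext>[^']+)' at (?P<ip>[0-9.]+)")


def audit(log_text, trusted_nets, threshold=2):
    """Return (noisy, foreign): IPs with >= threshold failed registrations,
    and (extension, ip) pairs registered from outside trusted_nets."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]

    def is_trusted(ip):
        return any(ipaddress.ip_address(ip) in net for net in nets)

    failures = Counter()
    foreign = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group("ip")] += 1
            continue
        m = REGISTERED.search(line)
        if m and not is_trusted(m.group("ip")):
            foreign.append((m.group("ext"), m.group("ip")))
    noisy = {ip: n for ip, n in failures.items() if n >= threshold}
    return noisy, foreign


if __name__ == "__main__":
    noisy, foreign = audit(SAMPLE_LOG, ["10.0.0.0/24"])
    print("Repeated failed registrations:", noisy)
    print("Extensions registered from untrusted IPs:", foreign)
```

A foreign registration that follows a burst of failures from the same IP points to a guessed extension password; the offending address is also what the firewall restriction and fail2ban mentioned in the post would block.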
     
  3. bandaampla

    Joined:
    Jul 14, 2009
    Messages:
    20
    Likes Received:
    0
    What I saw... after removing that extension... is that the attack's incoming IP is the Elastix box's IP. So... if the box is firewalled, allowing access only from our office... how is that possible?
     
  4. Mathiau

    Joined:
    Jul 16, 2009
    Messages:
    227
    Likes Received:
    0
    Someone has gained access to your network through another system or exploit and then connects to your PBX.
     
