Problem possible hack

bandaampla

Joined
Jul 14, 2009
Messages
20
Likes
0
Points
0
#1
Hi there.

I'm having big big problems with my Elastix box.

We're from Spain and we have our Elastix behind a firewall, allowing connection to Elastix only from our office. What happens is that someone is connecting and making calls from an extension. How is this possible? We're using version 1.5-9.

Hello everyone.

We have a big problem with our Elastix PBX. We are from Spain and we have our PBX behind a firewall. We can connect to the PBX only from our office's IP, but someone from outside is making calls to a 905 number that costs 30
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#2
If you are indeed isolated totally by your firewall, then you should question your internal users; the IP address of the extension making the call will usually be apparent in the /var/log/asterisk/full* files.

If, as I suspect, you have an external VOIP provider and DO allow inbound connections on udp/5060 (SIP signaling), then you should restrict your firewall to only accept such connections from your VOIP provider (same for IAX2 connections).

As a bare minimum, update asterisk and add

alwaysauthreject=yes

to

/etc/asterisk/sip_general_additional.conf

and read the other posts here for fail2ban which will dynamically notice hacking attempts and deny access to those entities.

dicko
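
Added example, not part of the original posts: a small log triage script in the spirit of the advice above, counting failed SIP registrations per source IP in text taken from /var/log/asterisk/full* and marking whether each noisy source is inside or outside the office network. The chan_sip NOTICE line format, the sample log lines, the 192.0.2.0/24 "office" range and the threshold are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the chan_sip NOTICE format is assumed and varies by Asterisk version.
SAMPLE_LOG = """\
[2009-07-14 03:12:01] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[2009-07-14 03:12:02] NOTICE[2345] chan_sip.c: Registration from '"admin" <sip:admin@192.0.2.10>' failed for '203.0.113.5' - No matching peer found
[2009-07-14 03:12:03] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[2009-07-14 09:00:10] NOTICE[2345] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '192.0.2.20' - Wrong password
[2009-07-14 09:30:00] VERBOSE[2401] logger.c: -- Executing [s@macro-dial:1] in new stack
[2009-07-14 10:01:00] NOTICE[2345] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '192.0.2.7:5060' - Wrong password
[2009-07-14 10:01:01] NOTICE[2345] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '192.0.2.7:5060' - Wrong password
[2009-07-14 10:01:02] NOTICE[2345] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '192.0.2.7:5060' - Wrong password
"""

# Source IPv4 address, with the optional ':port' suffix some versions append.
FAILED_REG = re.compile(
    r"Registration from '[^']*' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)


def failed_registrations(log_text):
    """Count failed SIP REGISTER attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_REG.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts


def suspects(log_text, threshold=3, office_nets=("192.0.2.0/24",)):
    """Return {ip: (failures, 'internal' | 'external')} for IPs at or over the threshold."""
    nets = [ipaddress.ip_network(n) for n in office_nets]
    flagged = {}
    for ip, failures in failed_registrations(log_text).items():
        if failures >= threshold:
            addr = ipaddress.ip_address(ip)
            inside = any(addr in net for net in nets)
            flagged[ip] = (failures, "internal" if inside else "external")
    return flagged


if __name__ == "__main__":
    for ip, (failures, origin) in suspects(SAMPLE_LOG).items():
        print(f"{ip}: {failures} failed registrations ({origin})")
```

An "internal" hit means the attempts came from inside the firewall, so the firewall rule is not what needs fixing; an "external" hit means udp/5060 is reachable from outside.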
 

bandaampla

Joined
Jul 14, 2009
Messages
20
Likes
0
Points
0
#3
What I saw... after removing that extension... is that the attack's incoming IP is the Elastix box's IP. So... if the box is firewalled, allowing access only from our office... how is that possible?
 

Mathiau

Joined
Jul 16, 2009
Messages
227
Likes
0
Points
0
#4
Someone has gained access to your network through another system or exploit and then connects to your PBX.
 
