sipvicious

jasong

Joined
Aug 20, 2009
Messages
34
Likes
0
Points
0
#1
Just a heads up: I installed Elastix yesterday, and within one hour of installation I had someone trying to access my Asterisk with Sipvicious. This box has never been used for a SIP registration, so I find it really strange that within an hour of installing Elastix someone knew to scan my IP. They were also able to register with one of my extensions. I use 8-digit extension passwords, and I know for a fact Sipvicious would not have been able to crack my password. Only someone who knew my "default" DB passwords must have accessed MySQL to get the password to that extension.

There are a couple of forums out there that explain how to protect yourself against SIP scans. Let me know if you need help. I also recommend changing all of your default Asterisk and MySQL passwords. It was a real pain to change all the passwords, but once completed you will be much safer.

I wonder why Elastix doesn't give you an easy way of changing these passwords, like Trixbox?
 

leevancleef

Joined
Dec 10, 2008
Messages
47
Likes
0
Points
0
#2

jasong

#3
I changed all my passwords and cloned my server to a new IP since I have a static IP; that seemed to eliminate the attempts to access Asterisk. I am getting some weird logs in my httpd access log from http://www.worldofvoracity.com/smf/. I'm not sure why I have traffic originating from that URL, but the site looks suspiciously similar to the one that tried accessing your system.

Here is something you can do to block against sipvicious attacks. I tried it and it does work.

Code:
nano /etc/asterisk/sip_custom.conf

Add this line:

Code:
alwaysauthreject=yes

Then run:

Code:
amportal restart

That will return the following when sipvicious tries scanning your server:

Code:
ERROR:TakeASip:SIP server replied with an authentication request for an unknown extension. Set --force to force a scan.
WARNING:root:found nothing
Also, someone at Elastix should take the time to make sure their software is secure. It is almost like someone has access to the download logs and what IP addresses downloaded the software.
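
The scanning described in this thread typically shows up in the Asterisk log as failed registrations from one address across many extensions. The following is an added example, not part of any post here: a shell function that counts distinct extensions per source. The log lines are constructed samples and the default threshold of 3 is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): flag sources whose REGISTER attempts
# failed against many different extensions, the pattern an extension scan leaves.

# Constructed sample lines in the chan_sip NOTICE format; IPs are documentation ranges.
sample_log() {
cat <<'EOF'
[Aug 21 10:15:01] NOTICE[2578] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Aug 21 10:15:01] NOTICE[2578] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Aug 21 10:15:02] NOTICE[2578] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.7:5071' - Wrong password
[Aug 21 10:15:02] NOTICE[2578] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.7:5071' - Wrong password
[Aug 21 10:20:44] NOTICE[2578] chan_sip.c: Registration from '"205" <sip:205@192.0.2.10>' failed for '203.0.113.9' - Wrong password
[Aug 21 10:21:00] VERBOSE[2578] logger.c:     -- Registered SIP '205' at 203.0.113.9 port 5060
EOF
}

# Usage: sip_scan_sources [MIN_EXTENSIONS] < asterisk-log
# Output: "source_ip distinct_extensions total_failures", one line per source
# that failed against at least MIN_EXTENSIONS extensions (default 3, an assumption).
sip_scan_sources() {
    awk -v min="${1:-3}" -v q="'" '
    /chan_sip\.c: Registration from .* failed for / {
        # Extension = user part of the SIP URI shown in the log line.
        if (!match($0, /sip:[^@>]+@/)) next
        ext = substr($0, RSTART + 4, RLENGTH - 5)
        # Source = text between the quotes after "failed for" (IPv4, optional :port).
        if (!match($0, "failed for " q "[^" q "]+" q)) next
        src = substr($0, RSTART + 12, RLENGTH - 13)
        sub(/:[0-9]+$/, "", src)
        fails[src]++
        if (!((src, ext) in seen)) { seen[src, ext] = 1; exts[src]++ }
    }
    END {
        for (s in exts) if (exts[s] >= min) print s, exts[s], fails[s]
    }' | sort
}

# Stand-alone run over the constructed sample.
sample_log | sip_scan_sources 3
```

To run it on a live system, redirect the Asterisk log into the function, for example `sip_scan_sources 10 < /var/log/asterisk/full`; that path is the usual location on such installs and is an assumption here.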
 

jasong

#4

leevancleef

#5
Hi jasong

Many thanks for your advice.
Yes, both sites look quite similar. I don't think that anyone can access the Elastix download logs; in fact, I downloaded it a year ago. I guess that they could sniff VoIP providers' traffic and try their luck.
Right now I'm using ipkall, voipbuster, telsome, eutelia, didww, and gizmo.
I don't know what to think: whether these online gamers' websites are hacked, or perhaps these people are attacking us directly. In any case, I don't think what they are doing is legal.

Regards
 
