Why so many attacks to elastix-asterisk-trixbox-etc

Discussion in 'General' started by tecnoclic, Jan 4, 2010.

  1. tecnoclic

    Jun 12, 2009
    Hi to all.
    My question is:
    Reading these posts, I have a question:
    How do the attackers (hackers, lamers or anyone else) know our (asterisk/elastix/trixbox) IP to try to attack it?

    Is it possible that (asterisk/elastix/trixbox) has a bug, for example, a broadcast service that publishes its IP?
    I think about it and I don't get any answer. I say this because I installed my elastix and the next day I had 800 login attempts. Of course I never (NEVER) published my elastix server IP, and I think nobody would do it. So how do the attackers know the IP?

  2. Patrick_elx

    Dec 14, 2008
    I don't know; however, I wouldn't be surprised if one of the following applies:

    - there are random tries all the time on an IP range and you were in it. Your IP was probably tried many times before but you never noticed it as you did not have any SIP port open.
    - some people are monitoring some local distribution network and are picking up everything that looks like SIP
    - one of your providers got its database hacked and your IP address comes from there
    - you registered a SIP_ service in your DNS
    - you registered for an ISN number
  3. fraggle4

    Apr 22, 2009
    It is easy to find a lot of pbxes on the internet. To secure an installation, a lot of things have to be actively changed, and some of these can break the system if not done right, so it looks as if a lot of people just don't bother.
    All the forums have tales of woe from people who have had their systems hacked, and there is also a lot of info on securing installations.
  4. Mathiau

    Jul 16, 2009
    There are no bugs or anything broadcasting from the software.

    Back in my days of anonymous FTPs and gaining access and such (about 10 years ago), what you do is get an IP scanner, decent ones let you choose specific ports to scan, you then set this program to scan X IP range say -

    choose what ports to scan where you know specific programs run as services and let it rip. (21/80/443/22 et cetera) in this case they likely look for PBX ports.

    Once done you get a file / results that tell you what IPs have open ports

    From there you simply try to access the services on those ports and exploit them via known methods and more often than not, because people can't be bothered to secure their systems, out of so many, you're almost always guaranteed to get some that are wide open!

    I used to be able to get 10-20 FTPs a night, that was until people would get smart and report the scanner's IP address.

    This is why systems need to be behind a good firewall with logging. Most people now, though, are smart enough to use proxies and so on, so you are not likely to ever catch the person scanning you or trying to get access.
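
An added example, not part of the original thread: a small Python log check that counts failed SIP registrations per source address, so the login attempts the first post describes can be turned into a list of addresses to block at the firewall. The log lines are constructed samples in the style of Asterisk `chan_sip` NOTICE messages (format assumed), and the function names and thresholds are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of Asterisk chan_sip NOTICE messages
# (format assumed; addresses are documentation ranges, not real hosts).
SAMPLE_LOG = """\
[2010-01-05 03:12:41] NOTICE[2578] chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '198.51.100.23' - No matching peer found
[2010-01-05 03:12:42] NOTICE[2578] chan_sip.c: Registration from '"101" <sip:101@203.0.113.5>' failed for '198.51.100.23' - No matching peer found
[2010-01-05 03:12:43] NOTICE[2578] chan_sip.c: Registration from '"102" <sip:102@203.0.113.5>' failed for '198.51.100.23' - Wrong password
[2010-01-05 09:30:10] NOTICE[2578] chan_sip.c: Registration from '"201" <sip:201@203.0.113.5>' failed for '192.0.2.77' - Wrong password
[2010-01-05 09:31:02] VERBOSE[2578] logger.c: -- Registered SIP '201' at 192.0.2.77 port 5060
"""

# Matches the failed-registration line; the source may carry an optional :port.
FAILED = re.compile(
    r"Registration from '(?:\"[^\"]*\" )?<sip:(?P<user>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def summarize(log_text):
    """Return {ip: {"attempts": n, "users": set, "reasons": set}}."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "reasons": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful registrations and unrelated lines are ignored
        entry = stats[m.group("ip")]
        entry["attempts"] += 1
        entry["users"].add(m.group("user"))
        entry["reasons"].add(m.group("reason").strip())
    return dict(stats)

def suspects(stats, min_attempts=3, min_users=3):
    """Sources that fail often AND walk through several extensions:
    the pattern of a scanner, not of one phone with a stale password."""
    return sorted(ip for ip, e in stats.items()
                  if e["attempts"] >= min_attempts and len(e["users"]) >= min_users)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in suspects(stats):
        print(ip, stats[ip]["attempts"], sorted(stats[ip]["users"]))
```

Requiring several distinct extensions per source keeps a single misconfigured phone (one user, repeated wrong password) out of the block list.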
