VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
lucabert at lucabert.de
Guest
|
 Posted: Mon Jun 08, 2015 2:47 pm Post subject: [asterisk-users] Am I cracked? |
 |
|
Hi list!
Very strange...
I ran the Asterisk CLI for other tasks, and suddenly I got this message:
== Using SIP RTP CoS mark 5
-- Executing [000972592603325@default:1] Verbose("SIP/192.168.20.120-0000002a", "2,PROXY Call from 0123456 to 000972592603325") in new stack
== PROXY Call from 0123456 to 000972592603325
-- Executing [000972592603325@default:2] Set("SIP/192.168.20.120-0000002a", "CHANNEL(musicclass)=default") in new stack
-- Executing [000972592603325@default:3] GotoIf("SIP/192.168.20.120-0000002a", "0?dialluca") in new stack
-- Executing [000972592603325@default:4] GotoIf("SIP/192.168.20.120-0000002a", "0?dialfax") in new stack
-- Executing [000972592603325@default:5] GotoIf("SIP/192.168.20.120-0000002a", "0?dialanika") in new stack
-- Executing [000972592603325@default:6] Dial("SIP/192.168.20.120-0000002a", "SIP/pbxluca/000972592603325,,R") in new stack
[Jun 8 21:42:50] WARNING[18981]: app_dial.c:2345 dial_exec_full: Unable to create channel of type 'SIP' (cause 20 - Subscriber absent)
== Everyone is busy/congested at this time (1:0/0/1)
-- Executing [000972592603325@default:7] Hangup("SIP/192.168.20.120-0000002a", "") in new stack
== Spawn extension (default, 000972592603325, 7) exited non-zero on 'SIP/192.168.20.120-0000002a'
[Jun 8 21:43:22] WARNING[16633]: chan_sip.c:3830 retrans_pkt: Retransmission timeout reached on transmission 8dc31ca4e660a0408450715638784d86 for seqno 1 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32001ms with no response
At the time no phone try to call...
On my Firewall I see a SIP packet coming from an IP in Palestine...
Am I cracked? I think I disabled all "guest" access. How can I check if my
Asterisk allows guest to originate calls?
Thanks
Luca Bertoncello
(lucabert@lucabert.de)
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
 |
kevin.larsen at pionee...
Guest
|
| Posted: Mon Jun 08, 2015 2:59 pm Post subject: [asterisk-users] Am I cracked? |
|
|
| Quote: | Very strange...
I ran the Asterisk CLI for other tasks, and suddenly I got this message:
== Using SIP RTP CoS mark 5
-- Executing [000972592603325@default:1] Verbose("SIP/192.168.
20.120-0000002a", "2,PROXY Call from 0123456 to 000972592603325") innew stack
== PROXY Call from 0123456 to 000972592603325
-- Executing [000972592603325@default:2] Set("SIP/192.168.20.
120-0000002a", "CHANNEL(musicclass)=default") in new stack
-- Executing [000972592603325@default:3] GotoIf("SIP/192.168.20.
120-0000002a", "0?dialluca") in new stack
-- Executing [000972592603325@default:4] GotoIf("SIP/192.168.20.
120-0000002a", "0?dialfax") in new stack
-- Executing [000972592603325@default:5] GotoIf("SIP/192.168.20.
120-0000002a", "0?dialanika") in new stack
-- Executing [000972592603325@default:6] Dial("SIP/192.168.20.
120-0000002a", "SIP/pbxluca/000972592603325,,R") in new stack
[Jun 8 21:42:50] WARNING[18981]: app_dial.c:2345 dial_exec_full:
Unable to create channel of type 'SIP' (cause 20 - Subscriber absent)
== Everyone is busy/congested at this time (1:0/0/1)
-- Executing [000972592603325@default:7] Hangup("SIP/192.168.20.
120-0000002a", "") in new stack
== Spawn extension (default, 000972592603325, 7) exited non-zero
on 'SIP/192.168.20.120-0000002a'
[Jun 8 21:43:22] WARNING[16633]: chan_sip.c:3830 retrans_pkt:
Retransmission timeout reached on transmission
8dc31ca4e660a0408450715638784d86 for seqno 1 (Critical Response) -- See
https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32001ms with no response
At the time no phone try to call...
On my Firewall I see a SIP packet coming from an IP in Palestine...
Am I cracked? I think I disabled all "guest" access. How can I check if my
Asterisk allows guest to originate calls?
|
Based on SIP packets coming in from IP addresses you don't recognize, while you may not be hacked, you would seem to have people probing your system. One thing you can do at the firewall level is restrict inbound sip communications to only those from your external phone providers. Depending on their setup, they should be able to give you an IP, a range of IPs or a name that can be used (i.e. sip.myphoneprovider.com). If you restrict your inbound sip to that, it will be very helpful. Also, there are further steps you can take to harden your systems. An internet search will bring up many, but here are a couple of good ones:
http://blogs.digium.com/2009/03/28/sip-security/
http://www.ipcomms.net/blog/70-11-steps-to-secure-your-asterisk-ip-pbx
http://nerdvittles.com/?p=580 |
|
| Back to top |
|
|
lucabert at lucabert.de
Guest
|
| Posted: Mon Jun 08, 2015 3:09 pm Post subject: [asterisk-users] Am I cracked? |
|
|
Kevin Larsen <kevin.larsen@pioneerballoon.com> schrieb:
| Quote: | Based on SIP packets coming in from IP addresses you don't recognize,
while you may not be hacked, you would seem to have people probing your
|
I think, too, it's someone probing my IP...
| Quote: | system. One thing you can do at the firewall level is restrict inbound sip
communications to only those from your external phone providers. Depending
on their setup, they should be able to give you an IP, a range of IPs or a
name that can be used (i.e. sip.myphoneprovider.com). If you restrict your
|
This is not really possible, since I'll login on my Asterisk from many
Providers...
OK, I set alwaysauthreject = yes and I discovered a allowguest, which I set
to "no", too.
The PBX is behind a Firewall and I just allow UDP 5060 and 10000-10100.
Now I log the SIP-pakets coming from Internet, too...
Hopefully I solved my problem...
Thanks
Luca Bertoncello
(lucabert@lucabert.de)
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
kevin.larsen at pionee...
Guest
|
| Posted: Mon Jun 08, 2015 3:20 pm Post subject: [asterisk-users] Am I cracked? |
|
|
| Quote: | OK, I set alwaysauthreject = yes and I discovered a allowguest, which I set
to "no", too.
The PBX is behind a Firewall and I just allow UDP 5060 and 10000-10100.
Now I log the SIP-pakets coming from Internet, too...
Hopefully I solved my problem...
|
Make sure you have solved the problem. You don't want to get hit with a phone bill for calls from your location to Israel. Basically, they are hoping that you are running the equivalent of a mail server open relay. They are trying to use you to dial out to another number. You don't want to pay for these calls.
The calls are being dumped into your default context. It's not matching on your gotoif statements, so finally it is trying to execute this:
Dial("SIP/192.168.20.120-0000002a", "SIP/pbxluca/000972592603325,,R") in new stack
Not sure what trunk pbxluca is, but if that is an outbound trunk, then this is very bad. The only reason it would fail then is if they have the outbound dial pattern wrong, which is a sure sign that you are open in the future to having someone make this kind of call in a way that does work and leaves you on the hook. Based on your email address, I am guessing you are in Germany. Looks like they almost have the correct outbound pattern for dialing from Germany to Israel. It should be 00972592603325 (notice the one less zero in the front). Please tell me that pbxluca is not an outbound dialing context? If it is, you need to fix this very quickly. |
|
| Back to top |
|
|
asterisk.org at sedwar...
Guest
|
| Posted: Mon Jun 08, 2015 3:21 pm Post subject: [asterisk-users] Am I cracked? |
|
|
On Mon, 8 Jun 2015, Luca Bertoncello wrote:
| Quote: | This is not really possible, since I'll login on my Asterisk from many
Providers...
|
many < all
So make a list of the 100 or so providers you have active accounts with.
It's still way less than 'all.'
Also, I'm willing to bet you won't be using providers from China, North
Korea, Russia, Iraq, etc, etc, etc. (Sorry if that steps on anybody's
toes.)
Look for address blocks (class A, B, C) that are allocated to geographic
regions you do not have any providers. If you limit your 'attack surface'
you make your security problem manageable.
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards@sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
lucabert at lucabert.de
Guest
|
| Posted: Mon Jun 08, 2015 3:24 pm Post subject: [asterisk-users] Am I cracked? |
|
|
Kevin Larsen <kevin.larsen@pioneerballoon.com> schrieb:
| Quote: | Make sure you have solved the problem. You don't want to get hit with a
phone bill for calls from your location to Israel. Basically, they are
hoping that you are running the equivalent of a mail server open relay.
They are trying to use you to dial out to another number. You don't want
to pay for these calls.
|
Of course, but how can I test, if I am an "open relay"?
| Quote: | The calls are being dumped into your default context. It's not matching on
your gotoif statements, so finally it is trying to execute this:
Dial("SIP/192.168.20.120-0000002a", "SIP/pbxluca/000972592603325,,R") in
new stack
Not sure what trunk pbxluca is, but if that is an outbound trunk, then
this is very bad. The only reason it would fail then is if they have the
|
This is one of my outbound trunk...
| Quote: | outbound dial pattern wrong, which is a sure sign that you are open in the
future to having someone make this kind of call in a way that does work
and leaves you on the hook. Based on your email address, I am guessing you
are in Germany. Looks like they almost have the correct outbound pattern
for dialing from Germany to Israel. It should be 00972592603325 (notice
the one less zero in the front). Please tell me that pbxluca is not an
outbound dialing context? If it is, you need to fix this very quickly.
|
How can I fix it? Of course, I need to be able to call any phone on this
world...
On a Mail-Server I'd restrict outgoing calls to authenticated users. I was
sure, that Asterisk already do that, but I'm not sure anymore...
How can I restrict it?
Thanks
Luca Bertoncello
(lucabert@lucabert.de)
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
darcy at Vex.Net
Guest
|
| Posted: Mon Jun 08, 2015 3:30 pm Post subject: [asterisk-users] Am I cracked? |
|
|
On Mon, 8 Jun 2015 13:19:53 -0700 (PDT)
Steve Edwards <asterisk.org@sedwards.com> wrote:
| Quote: | Look for address blocks (class A, B, C) that are allocated to
geographic regions you do not have any providers. If you limit your
'attack surface' you make your security problem manageable.
|
Get this file:
http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz
It has all of those blocks for all countries. I pick that up fresh
every week and block specific countries that I don't have clients in
but seem to be hitting me hard.
--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@Vex.Net
VoIP: sip:darcy@Vex.Net
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
darcy at Vex.Net
Guest
|
| Posted: Mon Jun 08, 2015 3:36 pm Post subject: [asterisk-users] Am I cracked? |
|
|
On Mon, 8 Jun 2015 22:24:33 +0200
Luca Bertoncello <lucabert@lucabert.de> wrote:
| Quote: | Kevin Larsen <kevin.larsen@pioneerballoon.com> schrieb:
| Quote: | Basically, they are hoping that you are running the equivalent of a
mail server open relay. They are trying to use you to dial out to
another number. You don't want to pay for these calls.
|
Of course, but how can I test, if I am an "open relay"?
|
If you don't know how to do this I suggest that you shut down your
Asterisk server until you find out. Using your cell phone while you
get it straight could save you some serious coin.
| Quote: | | Quote: | Not sure what trunk pbxluca is, but if that is an outbound trunk,
then this is very bad. The only reason it would fail then is if
they have the
|
This is one of my outbound trunk...
|
Very, very bad then.
| Quote: | On a Mail-Server I'd restrict outgoing calls to authenticated users.
I was sure, that Asterisk already do that, but I'm not sure anymore...
How can I restrict it?
|
You need to make sure that only registered phones can connect to your
outbound trunks. Read the docs or hire someone but don't wait. Shut
down now, especially since this information is now on a public list. I
am sure that most people here are just looking out for you but it only
takes one black hat.
--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@Vex.Net
VoIP: sip:darcy@Vex.Net
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
kevin.larsen at pionee...
Guest
|
| Posted: Mon Jun 08, 2015 3:39 pm Post subject: [asterisk-users] Am I cracked? |
|
|
| Quote: | | Quote: | Make sure you have solved the problem. You don't want to get hit with a
phone bill for calls from your location to Israel. Basically, they are
hoping that you are running the equivalent of a mail server open relay.
They are trying to use you to dial out to another number. You don't want
to pay for these calls.
|
Of course, but how can I test, if I am an "open relay"?
| Quote: | The calls are being dumped into your default context. It's not matching on
your gotoif statements, so finally it is trying to execute this:
Dial("SIP/192.168.20.120-0000002a", "SIP/pbxluca/000972592603325,,R") in
new stack
Not sure what trunk pbxluca is, but if that is an outbound trunk, then
this is very bad. The only reason it would fail then is if they have the
|
This is one of my outbound trunk...
| Quote: | outbound dial pattern wrong, which is a sure sign that you are open in the
future to having someone make this kind of call in a way that does work
and leaves you on the hook. Based on your email address, I am guessing you
are in Germany. Looks like they almost have the correct outbound pattern
for dialing from Germany to Israel. It should be 00972592603325 (notice
the one less zero in the front). Please tell me that pbxluca is not an
outbound dialing context? If it is, you need to fix this very quickly.
|
How can I fix it? Of course, I need to be able to call any phone on this
world...
On a Mail-Server I'd restrict outgoing calls to authenticated users. I was
sure, that Asterisk already do that, but I'm not sure anymore...
How can I restrict it?
|
I am sure others can chime in, but first things first, you want inbound calls and outbound calls to be in different contexts. Don't let your default context reach an outbound line. Your registered phones will be in a context that can call out which should be different from the default.
Also, make sure that your phones are registering with passwords (secret) that are different than the extension number. Makes it harder to guess.
The big thing to keep in mind dialplan wise is to never let an inbound call have a path to loop back outbound. The two of the biggest vectors for fraud will be allowing a non-authenticated sip call to get outbound over your trunks and to have weak credentials that can be cracked that will let someone else impersonate your phones.
And you can still wipe out most fraud by restricting the IP addresses you let in from the outside world. I prefer to have the most restrictive communications I can and then fix it if I discover that something doesn't work. Better to fail and fix than to permit and pay for it later. The providers I tend to like best not only give me what I need to restrict to their IP ranges, but also put in place restrictions on their end to only talk to my account from my external static IP address. That way someone could figure out my credentials, but if they can't spoof my ip address it still won't work. That is dependent on what the provider can do though. |
|
| Back to top |
|
|
mitul at enterux.in
Guest
|
| Posted: Mon Jun 08, 2015 3:41 pm Post subject: [asterisk-users] Am I cracked? |
|
|
As a practice, by default all the extensions you expose on the allowguest mode should lead inbound to your asterisk and should never pick any outbound trunk and dial out.
Your best option is to remove all outbound extensions from the default context, move them to default2 and set default extensions as honeypot to play monkeys tts wave file or reject the call.
Mitul Limbani
On 09-Jun-2015 2:05 AM, "D'Arcy J.M. Cain" <darcy@vex.net (darcy@vex.net)> wrote: | Quote: | On Mon, 8 Jun 2015 22:24:33 +0200
Luca Bertoncello <lucabert@lucabert.de (lucabert@lucabert.de)> wrote:
| Quote: | Kevin Larsen <kevin.larsen@pioneerballoon.com (kevin.larsen@pioneerballoon.com)> schrieb:
| Quote: | Basically, they are hoping that you are running the equivalent of a
mail server open relay. They are trying to use you to dial out to
another number. You don't want to pay for these calls.
|
Of course, but how can I test, if I am an "open relay"?
|
If you don't know how to do this I suggest that you shut down your
Asterisk server until you find out. Using your cell phone while you
get it straight could save you some serious coin.
| Quote: | | Quote: | Not sure what trunk pbxluca is, but if that is an outbound trunk,
then this is very bad. The only reason it would fail then is if
they have the
|
This is one of my outbound trunk...
|
Very, very bad then.
| Quote: | On a Mail-Server I'd restrict outgoing calls to authenticated users.
I was sure, that Asterisk already do that, but I'm not sure anymore...
How can I restrict it?
|
You need to make sure that only registered phones can connect to your
outbound trunks. Read the docs or hire someone but don't wait. Shut
down now, especially since this information is now on a public list. I
am sure that most people here are just looking out for you but it only
takes one black hat.
--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@Vex.Net
VoIP: sip:darcy@Vex.Net
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
|
|
|
| Back to top |
|
|
mdupuis at ocg.ca
Guest
|
| Posted: Mon Jun 08, 2015 3:57 pm Post subject: [asterisk-users] Am I cracked? |
|
|
I'm guessing this is a small/home system? I suggest you install SecAst from this site: www.telium.ca It's free for small office / home office and will deal with these types of attacks and more. It can also block users based on their Geographic location (based on the phone number it attempted to dial I suspect this is middle east), look for suspicious dialing patterns, etc.
If you still have allow guest enabled, then you should also follow the 'securing asterisk' steps from this site: http://www.voip-info.org/wiki/view/Asterisk+security
You're definitely under attack (based on the 0123456 ID) so be sure to take preventative steps to avoid a $50k phone bill..
________________________________________
From: asterisk-users-bounces@lists.digium.com <asterisk-users-bounces@lists.digium.com> on behalf of Luca Bertoncello <lucabert@lucabert.de>
Sent: Monday, June 8, 2015 3:46 PM
To: Asterisk Users List
Subject: [asterisk-users] Am I cracked?
Hi list!
Very strange...
I ran the Asterisk CLI for other tasks, and suddenly I got this message:
== Using SIP RTP CoS mark 5
-- Executing [000972592603325@default:1] Verbose("SIP/192.168.20.120-0000002a", "2,PROXY Call from 0123456 to 000972592603325") in new stack
== PROXY Call from 0123456 to 000972592603325
-- Executing [000972592603325@default:2] Set("SIP/192.168.20.120-0000002a", "CHANNEL(musicclass)=default") in new stack
-- Executing [000972592603325@default:3] GotoIf("SIP/192.168.20.120-0000002a", "0?dialluca") in new stack
-- Executing [000972592603325@default:4] GotoIf("SIP/192.168.20.120-0000002a", "0?dialfax") in new stack
-- Executing [000972592603325@default:5] GotoIf("SIP/192.168.20.120-0000002a", "0?dialanika") in new stack
-- Executing [000972592603325@default:6] Dial("SIP/192.168.20.120-0000002a", "SIP/pbxluca/000972592603325,,R") in new stack
[Jun 8 21:42:50] WARNING[18981]: app_dial.c:2345 dial_exec_full: Unable to create channel of type 'SIP' (cause 20 - Subscriber absent)
== Everyone is busy/congested at this time (1:0/0/1)
-- Executing [000972592603325@default:7] Hangup("SIP/192.168.20.120-0000002a", "") in new stack
== Spawn extension (default, 000972592603325, 7) exited non-zero on 'SIP/192.168.20.120-0000002a'
[Jun 8 21:43:22] WARNING[16633]: chan_sip.c:3830 retrans_pkt: Retransmission timeout reached on transmission 8dc31ca4e660a0408450715638784d86 for seqno 1 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32001ms with no response
At the time no phone try to call...
On my Firewall I see a SIP packet coming from an IP in Palestine...
Am I cracked? I think I disabled all "guest" access. How can I check if my
Asterisk allows guest to originate calls?
Thanks
Luca Bertoncello
(lucabert@lucabert.de)
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
asterisk.org at sedwar...
Guest
|
| Posted: Mon Jun 08, 2015 5:44 pm Post subject: [asterisk-users] Am I cracked? |
|
|
On Mon, 8 Jun 2015, Kevin Larsen wrote:
| Quote: | Better to fail and fix than to permit and pay for it later.
|
That would make a great T-shirt:
Deny and Fix
vs
Permit and Pay
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards@sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
asterisk.org at sedwar...
Guest
|
| Posted: Mon Jun 08, 2015 5:46 pm Post subject: [asterisk-users] Am I cracked? |
|
|
On Mon, 8 Jun 2015, Michelle Dupuis wrote:
| Quote: | You're definitely under attack (based on the 0123456 ID) so be sure to
take preventative steps to avoid a $50k phone bill..
|
Don't enable 'auto-replenish' in your provider account and don't keep a
balance you can't afford to lose.
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards@sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
oza.4h07 at gmail.com
Guest
|
| Posted: Wed Jun 10, 2015 6:52 am Post subject: [asterisk-users] Am I cracked? |
|
|
2015-06-08 22:35 GMT+02:00 D'Arcy J.M. Cain <darcy@vex.net (darcy@vex.net)>:
| Quote: | On Mon, 8 Jun 2015 22:24:33 +0200
Luca Bertoncello <lucabert@lucabert.de (lucabert@lucabert.de)> wrote:
| Quote: | Kevin Larsen <kevin.larsen@pioneerballoon.com (kevin.larsen@pioneerballoon.com)> schrieb:
| Quote: | Basically, they are hoping that you are running the equivalent of a
mail server open relay. They are trying to use you to dial out to
another number. You don't want to pay for these calls.
|
Of course, but how can I test, if I am an "open relay"?
|
If you don't know how to do this I suggest that you shut down your
Asterisk server until you find out. Using your cell phone while you
get it straight could save you some serious coin.
|
+1 !
|
|
| Back to top |
|
|
lucabert at lucabert.de
Guest
|
| Posted: Wed Jun 10, 2015 6:57 am Post subject: [asterisk-users] Am I cracked? |
|
|
Zitat von Olivier <oza.4h07@gmail.com>:
| Quote: | 2015-06-08 22:35 GMT+02:00 D'Arcy J.M. Cain <darcy@vex.net>:
| Quote: | On Mon, 8 Jun 2015 22:24:33 +0200
Luca Bertoncello <lucabert@lucabert.de> wrote:
| Quote: | Kevin Larsen <kevin.larsen@pioneerballoon.com> schrieb:
| Quote: | Basically, they are hoping that you are running the equivalent of a
mail server open relay. They are trying to use you to dial out to
another number. You don't want to pay for these calls.
|
Of course, but how can I test, if I am an "open relay"?
|
If you don't know how to do this I suggest that you shut down your
Asterisk server until you find out. Using your cell phone while you
get it straight could save you some serious coin.
|
+1 !
|
I'm very sorry to write that, but these answers are really NOT helpful...
I searched two days long how can I check it and didn't found anything
useful...
Well, since I changed some configuration and use another port I don't
have the problem, but I'm not sure if I did all what I need...
Could someone suggest me a way to check if my Asterisk is an "Open
Relay" that accept connections from every peer?
Thanks
Luca Bertoncello
(lucabert@lucabert.de)
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
