VoIP Mailing List Archives :: View topic - [asterisk-users] Am I cracked?

Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community

[asterisk-users] Am I cracked?

Goto page Previous 1, 2

VoIP Mailing List Archives Forum Index -> Asterisk Users

View previous topic :: View next topic

Author

Message

asterisk_list at earth...
Guest

Posted: Wed Jun 10, 2015 7:06 am Post subject: [asterisk-users] Am I cracked?

On Wednesday 10 Jun 2015, Luca Bertoncello wrote:

Quote:

I'm very sorry to write that, but these answers are really NOT helpful...
I searched two days long how can I check it and didn't found anything
useful...

Could someone suggest me a way to check if my Asterisk is an "Open
Relay" that accept connections from every peer?

Someone on this list is bound to have the wherewithal to be able to do that.
All they will need to know is the IP address of your Asterisk server.

I suggest that if anyone offers to help you by remotely penetration-testing
your system, you post "on-list" that you'll contact them "off-list" to give
them the server IP. That way, everyone gets to know that a deal has been
established, but only the directly-concerned parties have all the necessary
information.

--
AJS

Note: Originating address only accepts e-mail from list! If replying off-
list, change address to asterisk1list at earthshod dot co dot uk .

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

keiths at vianet.ca
Guest

Posted: Wed Jun 10, 2015 7:10 am Post subject: [asterisk-users] Am I cracked?

A J is 100% correct. People hear are very helpful. Though you do not
know who is just lurking and can cause some issues for you. I am willing
to help, but you may find someone who focuses only on security, and
would be a better asset.

On 2015-06-10 08:06 AM, A J Stiles wrote:

Quote:

On Wednesday 10 Jun 2015, Luca Bertoncello wrote:

Quote:

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

lucabert at lucabert.de
Guest

Posted: Wed Jun 10, 2015 7:14 am Post subject: [asterisk-users] Am I cracked?

Zitat von Keith Sloan <keiths@vianet.ca>:

Quote:

A J is 100% correct. People hear are very helpful. Though you do not
know who is just lurking and can cause some issues for you. I am
willing to help, but you may find someone who focuses only on
security, and would be a better asset.

On 2015-06-10 08:06 AM, A J Stiles wrote:

Quote:

On Wednesday 10 Jun 2015, Luca Bertoncello wrote:

Quote:

Well, I'm not sure, that I understood what you and Stiles say...
Anyway: if someone in the list can help me in such a penetration test,
I'd like to be contacted by him...

Thanks
Luca Bertoncello
(lucabert@lucabert.de)

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

dereck.s at gmail.com
Guest

Posted: Wed Jun 10, 2015 9:10 am Post subject: [asterisk-users] Am I cracked?

For such cases i created a dialplan in the default dialplan which blocks the ip of the hacker with iptables.

On Monday, June 8, 2015, Luca Bertoncello <lucabert@lucabert.de (lucabert@lucabert.de)> wrote:

Quote:

Hi list!

Very strange...
I ran the Asterisk CLI for other tasks, and suddenly I got this message:

== Using SIP RTP CoS mark 5
-- Executing [000972592603325@default:1] Verbose("SIP/192.168.20.120-0000002a", "2,PROXY Call from 0123456 to 000972592603325") in new stack
== PROXY Call from 0123456 to 000972592603325
-- Executing [000972592603325@default:2] Set("SIP/192.168.20.120-0000002a", "CHANNEL(musicclass)=default") in new stack
-- Executing [000972592603325@default:3] GotoIf("SIP/192.168.20.120-0000002a", "0?dialluca") in new stack
-- Executing [000972592603325@default:4] GotoIf("SIP/192.168.20.120-0000002a", "0?dialfax") in new stack
-- Executing [000972592603325@default:5] GotoIf("SIP/192.168.20.120-0000002a", "0?dialanika") in new stack
-- Executing [000972592603325@default:6] Dial("SIP/192.168.20.120-0000002a", "SIP/pbxluca/000972592603325,,R") in new stack
[Jun 8 21:42:50] WARNING[18981]: app_dial.c:2345 dial_exec_full: Unable to create channel of type 'SIP' (cause 20 - Subscriber absent)
== Everyone is busy/congested at this time (1:0/0/1)
-- Executing [000972592603325@default:7] Hangup("SIP/192.168.20.120-0000002a", "") in new stack
== Spawn extension (default, 000972592603325, 7) exited non-zero on 'SIP/192.168.20.120-0000002a'
[Jun 8 21:43:22] WARNING[16633]: chan_sip.c:3830 retrans_pkt: Retransmission timeout reached on transmission 8dc31ca4e660a0408450715638784d86 for seqno 1 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32001ms with no response

At the time no phone try to call...
On my Firewall I see a SIP packet coming from an IP in Palestine...
Am I cracked? I think I disabled all "guest" access. How can I check if my
Asterisk allows guest to originate calls?

Thanks
Luca Bertoncello
([url=javascript:;]lucabert@lucabert.de[/url])

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

lucabert at lucabert.de
Guest

Posted: Wed Jun 10, 2015 9:13 am Post subject: [asterisk-users] Am I cracked?

Zitat von Dereck D <dereck.s@gmail.com>:

Quote:

For such cases i created a dialplan in the default dialplan which blocks
the ip of the hacker with iptables.

That's interesting...
Could you explain me how do you did it?

Thanks
Luca Bertoncello
(lucabert@lucabert.de)

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

Display posts from previous:

	VoIP Mailing List Archives Forum Index -> Asterisk Users	All times are GMT - 5 Hours Goto page Previous 1, 2
Page 2 of 2

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum