
Attacks from Hackers

Last edited by ckleea on 2010-8-10 17:35

I have been attacked in the last few days from '219.117.232.107'
Any suggestion to prevent?

If you guys have time, you may refer to the tutorial in BackTrack as below to see whether your VoIP system is strong enough or too vulnerable to resist attack.

http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP

TOP

Reply to 18# Qnewbie

The only way to try is to have a stronger firewall set at the router and a very strong username/password.

TOP

[Dec 18 20:58:49] NOTICE[353]: chan_sip.c:16457 handle_request_register: Registration from '"Darkman" <siparkman@myipaddress>' failed for '96.44.146.48' - No matching peer found


Another attack type with "faked" IP address (using my IP address) to break into my Asterisk server. 82 trials per second, which drove my little IP01 to 50% CPU power. I need a better firewall to drop those meaningless attacks!!!

TOP

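It should help to some extent. It may not stop the other side from guessing at random, but of course the chances become much smaller.

On the other hand, it also limits flexibility of use, i.e. it can only serve the preset DOMAIN. If I want to call you, it may cause inconvenience. But it does truly achieve the "Private" in Private Branch Exchange.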

TOP

Don't know whether configuring SIP domains can help?

http://www.smartvox.co.uk/astfaq_sip_domains.htm

TOP

In fact Asterisk does allow letters for extension but use number for convenience. So the hacker must ...
角色 posted on 2010-8-10 16:39

How to change to alphanumeric user extensions or login in alphanumeric but keep user extension as numerical?

TOP

How about other members? What is the length and the format of your password in the extension password?

By the way, the root password must be very long, otherwise it would be very easily hacked. Mine is 13 alphanumerical digits.

YH

TOP

In fact Asterisk does allow letters for extension but use number for convenience. So the hacker must start with number and try simple password hacking for each password. If our password is composed of 8 alphanumerical digits or more, it should be okay.

YH

TOP

Is it possible to use a longer user name like a commercially available SIP account?

TOP

Last edited by 角色 on 2010-8-10 16:35

That is why our password must not be so simple; it should include letters and numbers.

YH

TOP

There were attacks again. It is from an IP address of a DNS server. Rapid scanning using extensions from 0 to 9999.

TOP

I can install it on my CentOS server, but how about IP01?

TOP

fail2ban is a pretty good protection package.
OSSLab Blog :: VoIP & IT Consultant

TOP
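The kind of check fail2ban performs on the chan_sip log line quoted earlier in this thread, as an added example (not code from any poster and not fail2ban's own filter): it parses failed-registration notices and flags source addresses that reach a retry threshold inside a time window. The sample log lines, the addresses, `pbx.example`, the thresholds and the year (the log timestamp carries none) are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the chan_sip NOTICE format quoted in the thread. The optional ":port"
# after the address is an assumption, to tolerate logs that include it.
FAILED_REG = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '(?P<who>.*)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$")

def parse_line(line, year=2010):
    """Return (timestamp, source_ip, reason), or None for unrelated lines."""
    m = FAILED_REG.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["reason"]

def find_offenders(lines, max_retry=5, find_time=timedelta(seconds=60), year=2010):
    """Map each IP with >= max_retry failures inside find_time to the moment
    the threshold was first reached (the point where a ban would start)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        ts, ip, _reason = parsed
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than find_time
            window.popleft()
        if len(window) >= max_retry and ip not in offenders:
            offenders[ip] = ts
    return offenders

# Constructed sample: one address scanning extensions 100-105 within seconds,
# one user mistyping a password twice half an hour apart, one unrelated line.
PREFIX = "NOTICE[353]: chan_sip.c:16457 handle_request_register: Registration from"
SAMPLE_LOG = [
    f"[Dec 18 20:58:{s:02d}] {PREFIX} '\"{ext}\" <sip:{ext}@pbx.example>' "
    "failed for '203.0.113.7' - No matching peer found"
    for s, ext in enumerate(range(100, 106), start=49)
] + [
    f"[Dec 18 21:05:10] {PREFIX} '<sip:201@pbx.example>' failed for '198.51.100.20' - Wrong password",
    f"[Dec 18 21:40:02] {PREFIX} '<sip:201@pbx.example>' failed for '198.51.100.20' - Wrong password",
    "[Dec 18 21:41:00] VERBOSE[353]: -- Registered SIP '201' at 198.51.100.20",
]

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

The returned addresses are what a firewall rule on the router or on the server would then drop, so that rejected registrations stop consuming CPU on the PBX itself.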

Isn't port 10020 already taken by ET263? Unless you are not using the ET263 service, wouldn't a different one be better!?

TOP
