Hey guys,

I've been running asterisk on my server for some time now (currently running Asterisk 1.6.2.0). I am having security issues with my SIP accounts. Unauthorized people have been able to access the server (bots) and they have been able to make calls (in today's case to Cuba).

Here's a copy (slightly modified) of my sip.conf:

[general]
context=default ; Default context for incoming calls
videosupport=yes
rtcachefriends=yes
autocreatepeer=no
t38pt_udptl=yes

allowoverlap=no
udpbindaddr=0.0.0.0
srvlookup=yes
;pedantic=yes

disallow=all
allow=alaw
allow=ulaw
allow=speex

[1001]
type=friend
username=1001
secret=blah
subscribecontext=default
regexten=1001
callerid="blah" <XXXXXXXXXX>
host=dynamic
nat=yes
canreinvite=no
mailbox=1001@default
registertrying=yes

[testuser]
type=friend
secret=blah
callerid="blah" <XXXXXXXXX>
host=dynamic
nat=yes
qualify=yes
allowsubscribe=yes
canreinvite=no
context=default

[testuser2]
type=friend
username=testuser2
secret
callerid="blah" <blah>
host=dynamic
nat=yes
qualify=yes
allowsubscribe=yes
canreinvite=no
context=default

Someone is able to connect to my server and make a call since they can access the default context. What should I do?

Thanks guys!

----- "Juan C. Villa" <juanqui at villafam.com> wrote:
> Hey guys,
>
> I've been running asterisk on my server for some time now (currently
> running Asterisk 1.6.2.0). I am having security issues with my SIP
> accounts. Unauthorized people have been able to access the server (bots)
> and they have been able to make calls (in today's case to Cuba).
>
> Here's a copy (slightly modified) of my sip.conf:
>
> [general]
> context=default ; Default context for incoming calls
> videosupport=yes
> rtcachefriends=yes
> autocreatepeer=no
> t38pt_udptl=yes
>
> allowoverlap=no
> udpbindaddr=0.0.0.0
> srvlookup=yes
> ;pedantic=yes
>
> disallow=all
> allow=alaw
> allow=ulaw
> allow=speex
>
> [1001]
> type=friend
> username=1001
> secret=blah
> subscribecontext=default
> regexten=1001
> callerid="blah" <XXXXXXXXXX>
> host=dynamic
> nat=yes
> canreinvite=no
> mailbox=1001@default
> registertrying=yes
>
> [testuser]
> type=friend
> secret=blah
> callerid="blah" <XXXXXXXXX>
> host=dynamic
> nat=yes
> qualify=yes
> allowsubscribe=yes
> canreinvite=no
> context=default
>
> [testuser2]
> type=friend
> username=testuser2
> secret
> callerid="blah" <blah>
> host=dynamic
> nat=yes
> qualify=yes
> allowsubscribe=yes
> canreinvite=no
> context=default
>
> Someone is able to connect to my server and make a call since they can
> access the default context. What should I do?
>
> Thanks guys!

http://blogs.digium.com/2009/03/28/sip-security/

--
Thanks,
Phil

Let's just say that you turned off the security ...

[general]
context=default ; Default context for incoming calls

so everyone that can connect to your IP port 5060 UDP can access default context... why would you allow this context to place outgoing calls then?

secret=blah

also you think the bots don't know this password ???

Martin

On Tue, Jan 12, 2010 at 11:43 AM, Juan C. Villa <juanqui at villafam.com> wrote:
> Hey guys,
>
> I've been running asterisk on my server for some time now (currently
> running Asterisk 1.6.2.0). I am having security issues with my SIP
> accounts. Unauthorized people have been able to access the server (bots)
> and they have been able to make calls (in today's case to Cuba).
>
> Here's a copy (slightly modified) of my sip.conf:
>
> [general]
> context=default ; Default context for incoming calls
> videosupport=yes
> rtcachefriends=yes
> autocreatepeer=no
> t38pt_udptl=yes
>
> allowoverlap=no
> udpbindaddr=0.0.0.0
> srvlookup=yes
> ;pedantic=yes
>
> disallow=all
> allow=alaw
> allow=ulaw
> allow=speex
>
> [1001]
> type=friend
> username=1001
> secret=blah
> subscribecontext=default
> regexten=1001
> callerid="blah" <XXXXXXXXXX>
> host=dynamic
> nat=yes
> canreinvite=no
> mailbox=1001@default
> registertrying=yes
>
> [testuser]
> type=friend
> secret=blah
> callerid="blah" <XXXXXXXXX>
> host=dynamic
> nat=yes
> qualify=yes
> allowsubscribe=yes
> canreinvite=no
> context=default
>
> [testuser2]
> type=friend
> username=testuser2
> secret
> callerid="blah" <blah>
> host=dynamic
> nat=yes
> qualify=yes
> allowsubscribe=yes
> canreinvite=no
> context=default
>
> Someone is able to connect to my server and make a call since they can
> access the default context. What should I do?
>
> Thanks guys!
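
The two points raised in the reply above (peers sharing the context that [general] hands to every caller on UDP 5060, and a guessable secret) can be checked mechanically. The Python sketch below is an added example, not part of the original thread and not Asterisk code; the sample config, the 12-character minimum and the finding labels are constructed, and it assumes a peer with no context= of its own uses the [general] one.

```python
import re

# Constructed sample modelled on the sip.conf posted in this thread.
SAMPLE = """\
[general]
context=default   ; Default context for incoming calls

[1001]
type=friend
secret=blah

[testuser2]
type=friend
secret
context=default
"""

MIN_SECRET_LEN = 12  # assumed local policy, not an Asterisk setting


def parse(text):
    """Parse Asterisk-style config: [section], key=value, ';' comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None:
            # A bare key such as "secret" parses to an empty value.
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections


def audit(text):
    """Return (guest_context, findings) for the two issues raised above."""
    cfg = parse(text)
    guest_ctx = cfg.get("general", {}).get("context", "default")
    peers = {k: v for k, v in cfg.items() if k != "general"}
    findings = []
    for name, peer in peers.items():
        if len(peer.get("secret", "")) < MIN_SECRET_LEN:
            findings.append((name, "weak-or-missing-secret"))
        # Assumption: a peer with no context= inherits the [general] one.
        if peer.get("context", guest_ctx) == guest_ctx:
            findings.append((name, "shares-guest-context"))
    return guest_ctx, findings
```

A config passes when the [general] context is one that peers do not use and every peer has a long secret; whether that guest context can dial out still has to be checked in the dialplan, which this script does not read.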