Today I was hacked but caught it very quickly. This is the weird part, they
hacked an IP Auth based account by simply knowing the account name.
How is this possible? I am running Asterisk 11.5.0. Now it's my fault I used
a dictionary based account name but how did they bypass the set ip I had under
the account for this host.
This also happened with fail2ban running and I pay for Humbug . Nothing caught
it. Its just chance that I happen to be in the CLI and noticed it.
In a span of 30 minutes they had made over $200 worth of calls all to the same
number .
Anyone have any idea on this and any ideas on preventing this.
John Bittner
CTO
[cid:image003.png at 01CECB8D.765B3840]
380 US Highway 46, Suite 500
Totowa, NJ 07512
Phone: 201.806.2602 x2405
Fax: 201.806.2604
Cell: 973.390.1090
www.xaccel.net<http://www.xaccel.net/>
CONFIDENTIALITY NOTICE:
This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential
and privileged information which should not be shared or forwarded. Any
unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recipient, please contact the sender
by reply e-mail and destroy all copies of the e-mail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20131018/e16c7ea5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 6839 bytes
Desc: image003.png
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20131018/e16c7ea5/attachment.png>