Saturday, February 7, 2009

Re: [asterisk-biz] PBX got Hacked

Well, if you can determine the vulnerability & how to exploit it you
should notify the vendor.
I would hope that you have a firewall that limits the IP addresses that
can connect to the PBX to those that have a legitimate need.

I would also consider something to limit traffic and watch the logs for
brute force attacks.

There are many tools out there for testing VoIP install security.

John

VIP Carrier wrote:
> To me it looks like there is some type of security hole in the SwitchVOX
> web GUI that has caused this issue.
>
> On Sat, Feb 7, 2009 at 9:17 PM, VIP Carrier <vipcarrier@gmail.com
> <mailto:vipcarrier@gmail.com>> wrote:
>
> Here is a sample of passwords for SIP phones:
> yEphe4A56U
> but for voicemails there were simple passwords.
>
> On Sat, Feb 7, 2009 at 8:45 PM, Stefan Wintermeyer
> <stefan.wintermeyer@amooma.de
> <mailto:stefan.wintermeyer@amooma.de>> wrote:
>
> On 08.02.2009 at 02:31, VIP Carrier wrote:
> > Here is an IP which they have used to access a system
> 116.122.36.95
>
> Give me a break!
>
> If you can not stand the heat of the _dangerous_ internet: Get
> yourself a pair of scissors and cut all network cables!
>
> If you run a server in the wild you have to know what you are doing.
> This is not a problem of SwitchVOX or any other kind of appliance/
> software. This is just a problem of having common sense and knowledge
> of the stuff you are doing.
>
> Stefan
>
> PS: In the good old times our clients all had official IP addresses
> and we used telnet to log into our Linux boxes. But things have
> changed quite a bit since then.
>
> --
> AMOOCON 2009, May 4-5, Rostock / Germany -> http://www.amoocon.de
> Asterisk: http://the-asterisk-book.com - http://das-asterisk-buch.de
> AMOOMA GmbH - Bachstr. 126 - 56566 Neuwied -> http://www.amooma.de
> Managing Director: Stefan Wintermeyer, Commercial Register: Neuwied B14998
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by
> http://www.api-digital.com--
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
>
