443, 5060-5061 and 16384-32767 for RTP traffic,
and users' extensions did not match passwords, and SwitchVOX came in as an appliance, so there was no installation done by anyone at the company; everything came in directly from Digium.
We have attempted contacting Server Pronto, and their technical support just said to email abuse and they will look into the problem, and refused to talk to us.
I made a comment about this at Astridevcon. We have seen an increase in automated brute-force hacking attempts against publicly accessible VoIP systems. Basically, the hackers use an automated tool to hack into a VoIP system w/ insecure passwords (ala extension 100 w/ a password of 100). Once they gain access, they use it to either:
a. Send a bunch of calls to places like Cuba, where costs can be $.30 / minute.
b. Have an auto-dialer blast out calls for credit-card scamming.
There was an FBI announcement not too long ago about a "Vishing" scam that was targeting Asterisk PBX systems:
http://blogs.digium.com/2008/12/06/sip-security-and-asterisk/
At this point, if you have your VoIP system attached to the public Internet, and are not taking security precautions such as using strong passwords and judicious firewalling, it is only a matter of time until you get hacked.
From: asterisk-biz-bounces@lists.digium.com [mailto:asterisk-biz-bounces@lists.digium.com] On Behalf Of Jai Rangi
Sent: Saturday, February 07, 2009 6:57 PM
To: Commercial and Business-Oriented Asterisk Discussion
Subject: Re: [asterisk-biz] PBX got Hacked
$2000 in calls in one hour? The fraud user must be a professional hacker and should have some kind of VoIP system and 10s (if not hundreds) of friends calling at the same time.
On Sat, Feb 7, 2009 at 3:46 PM, Gregory Boehnlein <damin@nacs.net> wrote:
Let me guess…
1. The Switchvox was open to the Internet
2. The extensions were simple (three / four digits) and the passwords matched the extensions
3. The attacker was able to register from the public Internet as one of the users and send the calls.
Sounds much more like an installation done by someone who had no clue about IP security. Don't blame Switchvox for the installer's lack of a clue. Switchvox is designed to run behind a firewall, and best practices for installation would dictate that you be very paranoid about what to allow to communicate w/ the PBX. Allowing it to be openly accessed on the public Internet is sheer stupidity.
So.. what am I missing here?
From: asterisk-biz-bounces@lists.digium.com [mailto:asterisk-biz-bounces@lists.digium.com] On Behalf Of VIP Carrier
Sent: Saturday, February 07, 2009 6:36 PM
To: Commercial and Business-Oriented Asterisk Discussion
Subject: [asterisk-biz] PBX got Hacked
Guys,
I can't believe that our client's PBX got hacked today.
My client has a SwitchVOX SMB and it got hacked!
Some F@ckers with the following IPs
91.121.132.208
69.60.114.222
were able to send calls in a matter of 1 hr for more than $2000.
What can I say, stay away from SwitchVOX.
--
This message has been scanned for viruses and
dangerous content by N2Net Mailshield, and is
believed to be clean.
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
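Gregory's point above, that the automated tools get in through passwords matching the extension and then run up toll fraud, suggests two defender-side checks: audit the peer configuration for weak secrets before the box is exposed, and watch the Asterisk log for a single source IP racking up failed registrations. The script below is an added example, not code from this thread, from Digium, or from the Switchvox appliance. It assumes a plain Asterisk-style sip.conf (the appliance does not expose one directly) and chan_sip NOTICE lines of the "Registration from ... failed for ..." shape; the config, log lines, IP addresses and the failure threshold are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sip.conf fragment (assumption: illustrative, not from the page).
SAMPLE_SIP_CONF = """
[general]
context=default
allowguest=no

[100]
type=friend
secret=100
host=dynamic
context=internal

[101]
type=friend
secret=1234
host=dynamic

[102]
type=friend
secret=Xq7!vL2#pR9wZ
host=dynamic
"""

# Constructed chan_sip log lines in the classic Asterisk NOTICE format (assumption).
SAMPLE_LOG = """\
[Feb  7 15:01:02] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@203.0.113.10>' failed for '198.51.100.7' - Wrong password
[Feb  7 15:01:03] NOTICE[1234] chan_sip.c: Registration from '"101" <sip:101@203.0.113.10>' failed for '198.51.100.7' - Wrong password
[Feb  7 15:01:03] NOTICE[1234] chan_sip.c: Registration from '"102" <sip:102@203.0.113.10>' failed for '198.51.100.7' - No matching peer found
[Feb  7 15:01:04] NOTICE[1234] chan_sip.c: Registration from '"103" <sip:103@203.0.113.10>' failed for '198.51.100.7' - Wrong password
[Feb  7 15:02:10] NOTICE[1234] chan_sip.c: Registration from '"200" <sip:200@203.0.113.10>' failed for '192.0.2.44' - Wrong password
"""


def parse_sip_conf(text):
    """Parse [section] / key=value blocks into {section: {key: value}}."""
    peers = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((';', '#')):
            continue
        m = re.match(r'^\[([^\]]+)\]$', line)
        if m:
            current = m.group(1)
            peers.setdefault(current, {})
            continue
        if current is None or '=' not in line:
            continue
        key, _, value = line.partition('=')
        peers[current][key.strip()] = value.strip()
    return peers


def weak_secret_findings(peers, min_len=8):
    """Flag peers whose secret equals the extension, is all digits, or is short."""
    findings = []
    for name, opts in peers.items():
        if name == 'general':
            continue
        secret = opts.get('secret', '')
        reasons = []
        if not secret:
            reasons.append('no secret set')
        else:
            if secret == name:
                reasons.append('secret equals extension')
            if secret.isdigit():
                reasons.append('all-digit secret')
            if len(secret) < min_len:
                reasons.append('shorter than %d characters' % min_len)
        if reasons:
            findings.append((name, reasons))
    return findings


# Source IP may carry a :port suffix in newer Asterisk releases; accept both.
FAIL_RE = re.compile(
    r"Registration from '(?P<who>[^']*)' failed for '(?P<ip>[0-9.]+)(?::\d+)?' - (?P<reason>.*)$")


def failed_registrations_by_ip(log_text):
    """Count failed REGISTER attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            counts[m.group('ip')] += 1
    return counts


def brute_force_candidates(log_text, threshold=3):
    """Source IPs at or above the failure threshold, sorted for stable output."""
    return sorted(ip for ip, n in failed_registrations_by_ip(log_text).items() if n >= threshold)


if __name__ == '__main__':
    for peer, reasons in weak_secret_findings(parse_sip_conf(SAMPLE_SIP_CONF)):
        print('peer %s: %s' % (peer, '; '.join(reasons)))
    for ip in brute_force_candidates(SAMPLE_LOG):
        print('possible brute force from %s' % ip)
```

The secret audit is the cheap pre-deployment step (extension 100 with secret 100 is exactly the case Gregory describes); the log counter is the runtime signal you would feed into a firewall block, whether by hand or via a tool such as fail2ban, alongside keeping 5060 and the RTP range closed to anything that does not need them.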