Re: [asterisk-biz] Hacker's attack on Asterisk by thses addresses "66.7.197.76" and "200.90.72.141"

On Sun, Sep 6, 2009 at 7:50 PM, Faiz Rehman <faiz_grw@yahoo.com> wrote:

Hi   IMy asterisk has been hacked my this IP "66.7.197.76". When i blocked this ip from Linux Firewall then he tried to attack from 2nd IP "200.90.72.141". He  fhound one my extension with a weak password and started dialing out. Thanks   Faiz

Since this is the biz list, I would expect that you are an ITSP?  Why not only allow customer IPs and block the rest.

If you cannot do that, why not add a alpha character to your extensions.  Instead of 101, make it z101 or whatever.

Bottom line, don't have weak credentials or firewall rules.

--
Senior Systems and Network Administrator
Triple Canopy, Inc.,
2250 Corporate Park Drive, Suite 300
ph.   +1.703.673.5191
mob.+1.240.938.1212
FAX.+1.703.673.1279
steve.totaro@triplecanopy.com