It is very common to see hackers coming from IP addresses belonging to reputable companies. But this doesn't mean that those companies themselves are involved in these hack attempts. They can't control who misuses their IP addresses, but usually they do try their best to block such attempts. The problem is that many times these IP addresses belong to compromised servers, and the server owners themselves don't even know that their servers are being misused by hackers.
The only way to fight such hack attempts is to implement security measures on your own end. I have learned it the hard way, because my Asterisk servers have been hacked a few times in the last few years, and I have worked with clients who faced the same issue. I usually send email to the owners of these IP addresses, which you can find from the whois database, but I never ever got any reply back from anyone. I know they can't do much either, as I have worked in NOCs of some serious ISPs. Hackers change the IP addresses very easily, as they know that they can't do their dirty job from one single IP address.
If you want to implement some security on your server, I would suggest starting with fail2ban. Download it from fail2ban.org, spend some time on their wiki, and also set it up for Asterisk as described in http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk. It is a really good utility. Another good idea is to change the default ports of the most commonly used software, and also block ports which you don't use.
Regards,
--
Zeeshan A Zakaria
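
An added example, not part of the original thread and not fail2ban's own code: the counting that a fail2ban-style jail performs over Asterisk's log, flagging a source IP once it accumulates `max_retry` failed SIP registrations within `find_time`. The log line format, the sample lines, the thresholds and all function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed chan_sip notice format; the optional :port covers newer Asterisk releases.
FAILED_REG = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\].*?: "
    r"Registration from '.*' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def find_offenders(lines, max_retry=5, find_time=timedelta(minutes=10)):
    """Map each IP to the time its max_retry-th failure landed inside find_time."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    offenders = {}
    for line in lines:
        m = FAILED_REG.match(line.strip())
        if not m:
            continue              # not a failed registration
        ip = m.group("ip")
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry:
            offenders.setdefault(ip, ts)
    return offenders

def _line(ts, ip, reason):
    # Builds one constructed log line (documentation-range addresses only).
    return (f"[{ts}] NOTICE[2140] chan_sip.c: Registration from "
            f"'\"100\" <sip:100@192.0.2.10>' failed for '{ip}' - {reason}")

# Constructed sample: one slow source, one burst, one unrelated notice.
SAMPLE_LOG = (
    [_line(f"2009-10-04 {h:02d}:00:00", "203.0.113.9:5060", "No matching peer found")
     for h in range(8, 13)]
    + [_line(f"2009-10-04 17:15:0{s}", "198.51.100.23", "Wrong password")
       for s in range(1, 6)]
    + ["[2009-10-04 17:16:00] NOTICE[2140] chan_sip.c: Peer '100' is now Reachable."]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban candidate {ip} (threshold crossed at {when})")
```

The slow source in the sample stays under the default threshold because its failures are an hour apart; widening `find_time` is what brings that kind of low-rate guessing into view.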
On Sun, Oct 4, 2009 at 5:15 PM, Vijay Gandhi <vijay@gandhiinfotech.com> wrote:
My first attempt is to get the response from Voxalot only and few of my
emails were sent around a month back to them, when my switch was hacked at
first, but since then, I have not received any reply back from them.
Regards
Vijay Gandhi
[mailto:asterisk-biz-bounces@lists.digium.com] On Behalf Of SIP
Sent: Monday, October 05, 2009 2:04 AM
To: Commercial and Business-Oriented Asterisk Discussion
Subject: Re: [asterisk-biz] Hacking the network
We've had some issues with users coming in from Voxalot IPs as well. Was
suspicious calling patterns and traffic, but Voxalot was very responsive
in helping us track things down. I seriously doubt they're ignoring
response emails. It's Sunday in the US, and many smaller companies run
limited support staff.
N.
Nir Simionovich wrote:
> Vijay,
>
> Voxalot is one of the more respected and veteran companies in this
> sector, I doubt it
> if they had personally been in charge of the hack attack you are
> describing. If you are
> going to publicly claim that a certain company hacked your systems, I
> suggest that you
> be able to back it up by some proper proof - or Voxalot may want to
> sue you for slander.
>
> Nir S
>
> On Sun, Oct 4, 2009 at 5:53 PM, Nitzan Kon <nk3569@yahoo.com
> <mailto:nk3569@yahoo.com>> wrote:
>
> Just LOL!
>
> --- On Sun, 10/4/09, Vijay Gandhi <vijay@gandhiinfotech.com
> <mailto:vijay@gandhiinfotech.com>> wrote:
>
> > Wanted to update everyone, that IP 64.34.173.199
> > belong to a company Voxalot, they have hacked our system
> > twice and they don't
> > even care to reply to any emails sent to them, and they
> > don't even
> > respond over the phone, beware of them.
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
>
>