Hope y'all had a very merry Christmas!
Like the subject indicates, I got my Asterisk hacked the other day, resulting in a huge phone bill. I had a look at the phones in the system and the auto-generated SIP passwords seem very difficult to guess. Yet someone succeeded. In the call log I could see that there were calls placed from all extensions in my system. Apparently someone took the pain to crack all of my passwords, which surprised me a bit.
I had a peek at the firewall, and maybe some of you guys can shed some light on how this works. There is a rule to open up port 5060 for UDP. This seems inevitable if you want to place and receive external calls. But I guess this also opens up a security risk?
Just as a test I removed this rule to see what would happen. To my surprise, external calls still work. Is this normal? I did a quick reload router. Maybe I need to restart the core? Besides, the firewall used, is it a separate LMCE firewall or is it the kernel built-in one? I launched gufw and it indicated that the kernel firewall was turned off.
Is the general recommendation to have a strict dial plan to avoid having hackers place calls to expensive phone numbers? Or do I have some security problem with my system that I am not aware of?
Any suggestions or information is welcome!
Happy new year everyone!