News:

Rule #1 - Be Patient - Rule #2 - Don't ask when, if you don't contribute - Rule #3 - You have coding skills - LinuxMCE's small brother is available: http://www.agocontrol.com

Main Menu

Stop asterisk from being hijacked

Started by greenhornet, April 23, 2009, 08:39:52 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions

dlewis

#15
May 03, 2009, 08:59:22 PM
Quote from: LegoGT on May 03, 2009, 07:50:30 PM
I've added an entry to /etc/hosts.allow for Asterisk and it seems to get the job done:

Code Select
asterisk : proxy01.sipphone.com : allow
asterisk : 192.168.80. : allow
asterisk : localhost : allow
asterisk : ALL : deny


Before, I was able to easily connect the N800 SIP phone app from any external network and make dialed calls using default extension info (for example: 200,200). Now I can at least limit that access to specific hosts (or none at all) but I'm not sure if there are any security loopholes still open. Am I missing anything obvious by not trying to upgrade FreePBX and locking it down there?

Good points Thom... LegoGT, please still make the trac entry with the notes/comments referenced by myself and Thom.

LegoGT

#16
May 04, 2009, 02:08:12 AM
Quote from: dlewis on May 03, 2009, 08:59:22 PM
Quote from: LegoGT on May 03, 2009, 07:50:30 PM
I've added an entry to /etc/hosts.allow for Asterisk and it seems to get the job done:

Code Select
asterisk : proxy01.sipphone.com : allow
asterisk : 192.168.80. : allow
asterisk : localhost : allow
asterisk : ALL : deny


Before, I was able to easily connect the N800 SIP phone app from any external network and make dialed calls using default extension info (for example: 200,200). Now I can at least limit that access to specific hosts (or none at all) but I'm not sure if there are any security loopholes still open. Am I missing anything obvious by not trying to upgrade FreePBX and locking it down there?

Good points Thom... LegoGT, please still make the trac entry with the notes/comments referenced by myself and Thom.

No problem. I'll add it tonight.
A brain dump of my neverending projects: [url=http://mediumrarebrain.com]http://MediumRareBrain.com[/url]

dlewis

#17
May 04, 2009, 03:12:07 PM
A reason why we should work on the security of our asterisk installation:

http://www.usken.no/2009/03/26/get-the-password-from-any-sip-device-its-fully-possible/

Linksys SPA2102 is one of the devices they successfully penetrated.

tschak909

#18
May 04, 2009, 03:15:33 PM
oh _yeah_

-Thom

LegoGT

#19
May 04, 2009, 05:11:03 PM
This was my first submission to Trac so be easy on me! I think it's in there correctly (http://svn.linuxmce.org/trac.cgi/ticket/188) but let me know if I missed something so I can do it properly next time.
A brain dump of my neverending projects: [url=http://mediumrarebrain.com]http://MediumRareBrain.com[/url]
Print
Go Up Pages 1 2
User actions