Hackers targetting Asterisk boxes
I saw the first ‘externsion scan’ of my Asterisk box this week. That is, an external server tried to register as an extension, starting at extension 100 all the way up to extension 999. I’m assuming if they had found a valid extension number then this would have been been followed by a brute force password (secret) scan.
This is an interesting article explaining the problem a little more – http://michigantelephone.wordpress.com/2008/11/28/why-didnt-freepbx-developers-implement-important-security-patch/
If you’re running Asterisk (and FreePBX) then the least you need to do is make sure that you’ve got pretty strong passwords for your extensions.
Last updated by .
Related posts:
- FBI / IC3 issue warning for Asterisk users
- Hacking and securing your Asterisk server
- No audio with certain Asterisk calls
SysAdminMan provides virtual PBX hosting based on Asterisk and Freeswitch.
Avaialble systems include FreePBX, PBX-in-a-Flash, Elastix, A2Billing and FusionPBX.
More details and prices can be found at sysadminman.net
Avaialble systems include FreePBX, PBX-in-a-Flash, Elastix, A2Billing and FusionPBX.
More details and prices can be found at sysadminman.net
Leave a comment