[App_rpt-users] App_rpt-users Digest, Vol 39, Issue 24

Tony Youngblood k5try73 at gmail.com
Mon May 21 04:10:06 UTC 2012


Change it... One of the first things I did on mine. 222 is not required per say. I haven't even configured SIP for myself and a gazillion attempts from this ip addy. grrrr

;(;)
AllStar 28384
Irlp 7998 / 7766 / 7926
Echo 563329
:(:)



On May 20, 2012, at 10:43 PM, app_rpt-users-request at ohnosec.org wrote:

> Send App_rpt-users mailing list submissions to
>    app_rpt-users at ohnosec.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> or, via email, send a message with subject or body 'help' to
>    app_rpt-users-request at ohnosec.org
> 
> You can reach the person managing the list at
>    app_rpt-users-owner at ohnosec.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of App_rpt-users digest..."
> 
> 
> Today's Topics:
> 
>   1. Re: SIP bots, hack attempts? - SSH also (dave k)
>   2. What is a PGCM (Fran)
>   3. Re: SIP bots, hack attempts? (George Csahanin)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Sun, 20 May 2012 20:03:00 -0700 (PDT)
> From: dave k <dave_k_420 at yahoo.com>
> To: "app_rpt-users at ohnosec.org" <app_rpt-users at ohnosec.org>
> Subject: Re: [App_rpt-users] SIP bots, hack attempts? - SSH also
> Message-ID:
>    <1337569380.87802.androidMobile at web114004.mail.gq1.yahoo.com>
> Content-Type: text/plain; charset="utf-8"
> 
> I am seeing brute force attempts to ssh/222. This is my first time running on 222 so i assumed it would be unknown. Is 222 a common alternative? 
> 
> Sent from Yahoo! Mail on Android
> 
> From: Don Hackler <donh at sigma.net>; 
> To: Tony Youngblood <k5try73 at gmail.com>; 
> Cc: app_rpt-users at ohnosec.org <app_rpt-users at ohnosec.org>; 
> Subject: Re: [App_rpt-users] SIP bots, hack attempts? 
> Sent: Mon, May 21, 2012 2:27:51 AM 
> 
> Any VOIP system with exposed SIP ports will get hit regularly by 'bots trying to get in.
> 
> (I mostly see them from China and other Asian countries?)
> 
> First, make sure your system is behind a firewall. ?Don't expose any ports you don't absolutely have to.
> 
> Second, use really good passwords on your SIP accounts and anything else that is exposed to the outside.
> 
> Third, make sure that if they manage to hack a SIP account, make sure they can't run up a bunch of charges on an outbound VOIP trunk.
> 
> (If you have a VOIP provider hooked up for outbound calls, only leave enough money prepaid in the account you are willing to risk; maybe $25 or so. ?Don't enable international calls. ?Don't enable auto-replenishment from a credit card.)
> 
> If they get in, they will route dozens of calls simultaneously through your system. ?In a half hour, they can run up thousands of call minutes if you let them.
> 
> 
> 
> On May 20, 2012, at 7:13 PM, Tony Youngblood wrote:
> 
> Interesting discussion I had about sip hacks I had so I checked my log. Any details, advice, insight?
> 
> file is 71,073,169 big!
> 
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fu-min"<sip:fu-min at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fu-tze"<sip:fu-tze at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fu-yeung"<sip:fu-yeung at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fugwo"<sip:fugwo at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuarnibol"<sip:fuarnibol at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuat"<sip:fuat at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fubler"<sip:fubler at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuccellaro"<sip:fuccellaro at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuchsberger"<sip:fuchsberger at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuck-me-over-some-more"<sip:fuck-me-over-some-more at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fucktool"<sip:fucktool at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fudd"<sip:fudd at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fude"<sip:fude at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fudenberg"<sip:fudenberg at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> [Mar? 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fudge"<sip:fudge at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> 
> ;(;)
> 
> AllStar 28384
> 
> Irlp 7998 / 7766 / 7926
> 
> Echo 563329
> 
> :(:)
> 
> 
> On May 19, 2012, at 11:00 AM, app_rpt-users-request at ohnosec.org wrote:
> 
> Send App_rpt-users mailing list submissions to
> ? ?app_rpt-users at ohnosec.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> ? ?http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> or, via email, send a message with subject or body 'help' to
> ? ?app_rpt-users-request at ohnosec.org
> 
> You can reach the person managing the list at
> ? ?app_rpt-users-owner at ohnosec.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of App_rpt-users digest..."
> 
> Today's Topics:
> 
> ??1. adding extensions to acid ?all-star repeater (Bradley Haney)
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Sat, 19 May 2012 09:19:32 -0500
> From: Bradley Haney <kc9gqr at gmail.com>
> To: app_rpt-users at ohnosec.org
> Subject: [App_rpt-users] adding extensions to acid ?all-star repeater
> Message-ID: <E3E3A42F-65BD-4B2E-BE21-67654048A29C at gmail.com>
> Content-Type: text/plain; charset=us-ascii
> 
> Hello all.. 
> 
> Been looking through the old forums and trying to get a handle on how to add ?SIP extensions to my all-star box. ?We are currently running acid distro on our repeater and using the allstarlink auto patch service. ??I would like to be able to add a few sip extensions ??so when i am on my cell phone i can connect to the repeater and listen or dial ?my wife who is a ham on a different extension and ring her phone. ??The extensions do not have to have ?"outside access" for the auto patch as the extensions would be used for internal communication to and from the repeater or to and from other extensions i add . ?Example ?extension 123 (which would be a sip client) be able to dial 28079 which is the repeater. ?or ?a person on the repeater ?be able to dial ?extension 123 and have the sip client ring. ?I have a static ip address so i know that won't be a problem, ?just a little confused on how to add everything in the ?config files. ??Does
> anyone by ?chance have a good working example
> ?they could share? ?I would try the other distro ?but everyone like the web trans idea instead of using echo link ?:) ???
> 
> Thanks for any help i could get..
> 
> Bradley
> allstar node 28079
> 
> ------------------------------
> 
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> 
> End of App_rpt-users Digest, Vol 39, Issue 22
> *********************************************
> 
> 
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://ohnosec.org/pipermail/app_rpt-users/attachments/20120520/9cd1ba93/attachment-0001.html>
> 
> ------------------------------
> 
> Message: 2
> Date: Sun, 20 May 2012 20:16:34 -0700 (PDT)
> From: Fran <baldwin88 at yahoo.com>
> To: app_rpt-users at ohnosec.org
> Subject: [App_rpt-users] What is a PGCM
> Message-ID:
>    <1337570194.41781.YahooMailClassic at web160302.mail.bf1.yahoo.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Had a friend who went to Dayton and he saw the Micro Node people with a unit called a PGCM....what is it and what can it do???
> ?
> Frank
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://ohnosec.org/pipermail/app_rpt-users/attachments/20120520/9d8e0e67/attachment-0001.html>
> 
> ------------------------------
> 
> Message: 3
> Date: Sun, 20 May 2012 22:43:12 -0500
> From: "George Csahanin" <george at dyb.com>
> To: "Tony Youngblood" <k5try73 at gmail.com>,    <app_rpt-users at ohnosec.org>
> Subject: Re: [App_rpt-users] SIP bots, hack attempts?
> Message-ID: <46609EAD04E44993BD225215651C5E36 at lintv.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Well, glad to know it isn't just me. And how many milliseconds did this all take. That's what always amazes me. How quickly the logins come, five to ten a second. 
> 
> GeorgeC
> W2DB
> 2360/2428/28599
> 
>  ----- Original Message ----- 
>  From: Tony Youngblood 
>  To: app_rpt-users at ohnosec.org 
>  Sent: Sunday, May 20, 2012 9:13 PM
>  Subject: [App_rpt-users] SIP bots, hack attempts?
> 
> 
>  Interesting discussion I had about sip hacks I had so I checked my log. Any details, advice, insight?
> 
> 
>  file is 71,073,169 big!
> 
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fu-min"<sip:fu-min at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fu-tze"<sip:fu-tze at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fu-yeung"<sip:fu-yeung at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fugwo"<sip:fugwo at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuarnibol"<sip:fuarnibol at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuat"<sip:fuat at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fubler"<sip:fubler at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuccellaro"<sip:fuccellaro at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuchsberger"<sip:fuchsberger at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuck-me-over-some-more"<sip:fuck-me-over-some-more at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fucktool"<sip:fucktool at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fudd"<sip:fudd at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fude"<sip:fude at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fudenberg"<sip:fudenberg at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>  [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fudge"<sip:fudge at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
> 
> 
>  ;(;)
>  AllStar 28384
>  Irlp 7998 / 7766 / 7926
>  Echo 563329
>  :(:)
> 
> 
> 
> 
> 
>  On May 19, 2012, at 11:00 AM, app_rpt-users-request at ohnosec.org wrote:
> 
> 
>    Send App_rpt-users mailing list submissions to
>       app_rpt-users at ohnosec.org
> 
>    To subscribe or unsubscribe via the World Wide Web, visit
>       http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>    or, via email, send a message with subject or body 'help' to
>       app_rpt-users-request at ohnosec.org
> 
>    You can reach the person managing the list at
>       app_rpt-users-owner at ohnosec.org
> 
>    When replying, please edit your Subject line so it is more specific
>    than "Re: Contents of App_rpt-users digest..."
> 
> 
>    Today's Topics:
> 
>      1. adding extensions to acid  all-star repeater (Bradley Haney)
> 
> 
>    ----------------------------------------------------------------------
> 
>    Message: 1
>    Date: Sat, 19 May 2012 09:19:32 -0500
>    From: Bradley Haney <kc9gqr at gmail.com>
>    To: app_rpt-users at ohnosec.org
>    Subject: [App_rpt-users] adding extensions to acid  all-star repeater
>    Message-ID: <E3E3A42F-65BD-4B2E-BE21-67654048A29C at gmail.com>
>    Content-Type: text/plain; charset=us-ascii
> 
>    Hello all.. 
> 
>    Been looking through the old forums and trying to get a handle on how to add  SIP extensions to my all-star box.  We are currently running acid distro on our repeater and using the allstarlink auto patch service.   I would like to be able to add a few sip extensions   so when i am on my cell phone i can connect to the repeater and listen or dial  my wife who is a ham on a different extension and ring her phone.   The extensions do not have to have  "outside access" for the auto patch as the extensions would be used for internal communication to and from the repeater or to and from other extensions i add .  Example  extension 123 (which would be a sip client) be able to dial 28079 which is the repeater.  or  a person on the repeater  be able to dial  extension 123 and have the sip client ring.  I have a static ip address so i know that won't be a problem,  just a little confused on how to add everything in the  config files.   Does anyone by  chance have a good working exa
> mple
>     they could share?  I would try the other distro  but everyone like the web trans idea instead of using echo link  :)    
> 
>    Thanks for any help i could get..
> 
>    Bradley
>    allstar node 28079
> 
>    ------------------------------
> 
>    _______________________________________________
>    App_rpt-users mailing list
>    App_rpt-users at ohnosec.org
>    http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> 
> 
>    End of App_rpt-users Digest, Vol 39, Issue 22
>    *********************************************
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://ohnosec.org/pipermail/app_rpt-users/attachments/20120520/521556c2/attachment.html>
> 
> ------------------------------
> 
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> 
> 
> End of App_rpt-users Digest, Vol 39, Issue 24
> *********************************************



More information about the App_rpt-users mailing list