[App_rpt-users] CLI help
Andrew Sylthe
asylthe at kc9ona.com
Fri Jun 27 22:01:28 UTC 2014
'allowguest=no' is sip.conf (
http://www.voip-info.org/wiki/view/Asterisk+sip+allowguest) is definitely
something you want to have set in this case. The malicious request most
likely didn't circumvent the security of your system. The attacker only
tried to probe port 5060 with a SIP INVITE to see if you were allowing
unauthenticated calling to international numbers. In my opinion it's best
to block all inbound traffic to port 5060 (UDP) with iptables, and add pass
rules for intended hosts (unless that isn't possible because your sip
clients bounce around on different networks with varying IPs).
On Fri, Jun 27, 2014 at 3:04 PM, Robert Newberry <N1XBM at amsat.org> wrote:
> So I've implemented the changes people suggested except for fail2ban. I'm
> still reading up on it.
>
> I also didn't change passwords because that hasn't been compromised
> someone is fishing around looking for an outside line.
>
> Also someone mentioned checking a messages folder. Is it OK to clear out
> that file? It goes back to May.
>
> I'll keep you guys posted on how it goes. I'll be monitoring the server
> over the weekend.
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>
> To unsubscribe from this list please visit
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down
> to the bottom of the page. Enter your email address and press the
> "Unsubscribe or edit options button"
> You do not need a password to unsubscribe, you can do it via email
> confirmation. If you have trouble unsubscribing, please send a message to
> the list detailing the problem.
>
--
Andrew Sylthe
KC9ONA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20140627/e2260752/attachment.html>
More information about the App_rpt-users
mailing list