<div dir="ltr">'allowguest=no' is sip.conf (<a href="http://www.voip-info.org/wiki/view/Asterisk+sip+allowguest">http://www.voip-info.org/wiki/view/Asterisk+sip+allowguest</a>) is definitely something you want to have set in this case. The malicious request most likely didn't circumvent the security of your system. The attacker only tried to probe port 5060 with a SIP INVITE to see if you were allowing unauthenticated calling to international numbers. In my opinion it's best to block all inbound traffic to port 5060 (UDP) with iptables, and add pass rules for intended hosts (unless that isn't possible because your sip clients bounce around on different networks with varying IPs).</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jun 27, 2014 at 3:04 PM, Robert Newberry <span dir="ltr"><<a href="mailto:N1XBM@amsat.org" target="_blank">N1XBM@amsat.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">So I've implemented the changes people suggested except for fail2ban. I'm still reading up on it.</p>
<p dir="ltr">I also didn't change passwords because that hasn't been compromised someone is fishing around looking for an outside line.</p>
<p dir="ltr">Also someone mentioned checking a messages folder. Is it OK to clear out that file? It goes back to May. </p>
<p dir="ltr">I'll keep you guys posted on how it goes. I'll be monitoring the server over the weekend. </p>
<br>_______________________________________________<br>
App_rpt-users mailing list<br>
<a href="mailto:App_rpt-users@ohnosec.org">App_rpt-users@ohnosec.org</a><br>
<a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
<br>
To unsubscribe from this list please visit <a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"<br>
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. <br></blockquote></div><br><br clear="all"><div>
<br></div>-- <br><div dir="ltr">Andrew Sylthe<br>KC9ONA<br></div>
</div>