<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><font style="" color="#000000" face="Tahoma,sans-serif">Loren,<br><br> You did not explain why the Allstar server has to be on the DMZ. If there are other ports you need forwarded (EchoLink, IRLP, etc.) to that computer, you can do that. It would be much better to take the time and get the proper ports working than to have it open to the world. The DMZ is OK for testing but not for continuous use. <br id="FontBreak"></font><font style="" face="Tahoma,sans-serif"><br></font><font style="" face="Tahoma,sans-serif">You can certainly add protection to the Linux box in the form of a firewall, password protection, etc., but the best place to do it is at the source, in the router. Why make it complicated!! The BeagleBone Black Allstar does have a pre-configured firewall that can be implemented easily in a situation where you might need it.</font><br><br><b><font style="font-size:16pt;" size="4">73 Doug</font><font style="font-size:16pt;" size="4"><br></font><font style="font-size:16pt;" size="4">WA3DSP</font><font style="font-size:16pt;" size="4"><br></font><font style="font-size:16pt;" size="4">http://www.crompton.com/hamradio</font></b><font style="font-size:16pt;" size="4"><br></font><br><br><div><hr id="stopSpelling">Date: Thu, 25 Sep 2014 08:58:58 -0500<br>Subject: Re: [App_rpt-users] Security Issues<br>From: lorentedford@gmail.com<br>To: doug@crompton.com<br><br><div dir="ltr"><div><div><div><div>Doug <br><br><br></div>We are using an ARRIS/Motorola SBG6580 SURFboard DOCSIS 3.0 cable modem and Wi-Fi N router. This unit has our Allstar box in its DMZ for a few purposes, one being that the node is also being utilized for more than just repeater functions.. Second, we have changed our port for ssh for security purposes, in the event we get attacked by a bunch of ssh hackers like my Linode server was over the past 3 weeks... We keep getting Chinese IPs trying to hack access to our public servers... Anyway, back to the point.. 
We didn't realize that the server overall is open, so.. If this is the case, isn't there a firewall built into the ACID distro? If not, would it be easier for us to throw on something like Debian, like what I have on my other servers that I use, and still be capable of running the Allstar setup with both repeaters? Lots of questions here, I know.. But if the software can't handle its own firewall functions I need to look at a more long-term solution. I at least figured it had iptables in it, unless I looked in the wrong place..<br></div>Also, in modules.conf:<br><br><br>;<br>; Asterisk configuration file<br>;<br>; Module Loader configuration file<br>;<br><br>[modules]<br>autoload=yes<br>noload=chan_oss.so<br>noload=chan_alsa.so<br>noload=chan_phone.so<br>noload=chan_sip.so<br><br>[global]<br><br><br></div>I really like remoting into the system; I do it all the time from work using ssh via my phone when making adjustments to my stuff..<br><br></div>Thanks so much for getting back to me so quickly, and let me know if there is anything I did wrong or any other suggestions based on this.. 
I am also using the Echolink.conf file for now; it will one day be moved to the 2 meter repeater once we get our duplexer problem fixed. It's been a rough couple of weeks, with everything from unauthorized access attempts to product damaged during shipping. Gotta love UPS. Thanks again, 73's, Loren~<br><div><div><div><div><br></div></div></div></div><div class="ecxgmail_extra"><br clear="all"><div><div dir="ltr"><div style="font-family:arial;font-size:small;">Loren Tedford (KC9ZHV) <br>Email: <a href="mailto:lorentedford@gmail.com" style="color:rgb(17,85,204);" target="_blank">lorentedford@gmail.com</a><br></div><div style="font-family:arial;font-size:small;">Email: <a href="mailto:lorentedford@live.com" style="color:rgb(17,85,204);" target="_blank">lorentedford@live.com</a></div><div style="font-family:arial;font-size:small;">Email: <a href="mailto:lorentedford@aol.com" style="color:rgb(17,85,204);" target="_blank">lorentedford@aol.com</a></div><div style="font-family:arial;font-size:small;">Email: <a href="mailto:LorenCS@Ltcraft.net" style="color:rgb(17,85,204);" target="_blank">LorenCS@Ltcraft.net</a></div><div style="font-family:arial;font-size:small;">Email: <a href="mailto:lorentedford@yahoo.com" style="color:rgb(17,85,204);" target="_blank">lorentedford@yahoo.com</a></div><div style="font-family:arial;font-size:small;">Email:<a href="mailto:loren@lorentedford.com" style="color:rgb(17,85,204);" target="_blank"> loren@lorentedford.com</a><br></div><div style="font-family:arial;font-size:small;">Email: <a href="mailto:loren@richlandcountycomputers.com" style="color:rgb(17,85,204);" target="_blank">loren@richlandcountycomputers.com</a></div><div style="font-family:arial;font-size:small;">Phone: 618-553-0806</div><div style="font-family:arial;font-size:small;"><a href="http://www.lorentedford.com/" style="color:rgb(17,85,204);" target="_blank">http://www.lorentedford.com</a><br></div><div style="font-family:arial;font-size:small;"><a href="http://www.ltcraft.net/" 
style="color:rgb(17,85,204);" target="_blank">http://www.Ltcraft.net</a></div><div style="font-family:arial;font-size:small;"><a href="http://www.richlandcountycomputers.com/" style="color:rgb(17,85,204);" target="_blank">http://www.richlandcountycomputers.com</a></div><div style="font-family:arial;font-size:small;"><a href="http://kc9zhv.lorentedford.com/" style="color:rgb(17,85,204);" target="_blank">http://kc9zhv.lorentedford.com</a></div><div><br></div></div></div>
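<div><br>The following is an added example, not code from this thread, from the ACID image or from any Allstar distribution. It answers Loren's question above about iptables on the node, using only the ports Doug names in his earlier reply quoted below: 4569/udp for IAX2 (opened only if the node accepts incoming connections) and the node's non-default ssh port (222/tcp, as in the thread). SIP on 5060 is never opened, so stray SIP traffic is dropped by the kernel whether or not chan_sip loads, and a small check confirms that modules.conf carries the noload=chan_sip.so line Doug recommends. Assumed, and not taken from the page: iptables with the conntrack and recent match modules, the variable names, the "apply" argument and the constructed sample modules.conf.<br><br></div>

```shell
#!/bin/sh
# Added example, not code from the thread, from ACID, or from any Allstar
# image. Host firewall for an Allstar node using only the ports named in the
# thread: 4569/udp (IAX2, inbound only if you accept incoming connections)
# and the node's non-default ssh port (222/tcp as in the thread). SIP/5060 is
# never opened, so stray SIP traffic is dropped whether or not chan_sip loads.
# Assumptions: iptables with the conntrack and recent match modules; the
# variable names and the "apply" argument are this example's own.
#
#   sh allstar-fw.sh            # dry run: print the rules, change nothing
#   sudo sh allstar-fw.sh apply # load them (first time from the console,
#                               # not over ssh, in case a rule is wrong)

IAX_PORT="${IAX_PORT:-4569}"
SSH_PORT="${SSH_PORT:-222}"
ACCEPT_INBOUND_NODES="${ACCEPT_INBOUND_NODES:-yes}"   # "no" for an outbound-only node

# allstar_rules: print the rule set, one iptables command per line.
# Order matters: the default-DROP policy goes last, so an operator applying
# this over ssh keeps the established session (third rule) all the way through.
allstar_rules() {
    cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/s -j ACCEPT
EOF
    if [ "$ACCEPT_INBOUND_NODES" = "yes" ]; then
        echo "iptables -A INPUT -p udp --dport $IAX_PORT -j ACCEPT"
    fi
    # ssh: the fourth new connection from one source within 60 s is dropped,
    # which blunts the password-guessing runs mentioned in the thread without
    # locking out an admin who types the password correctly.
    cat <<EOF
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --name ssh --set
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --name ssh --update --seconds 60 --hitcount 4 -j DROP
iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "allstar-drop: "
iptables -P INPUT DROP
EOF
}

# sip_is_unloaded FILE: succeed (exit 0) if FILE, an Asterisk modules.conf,
# carries the noload=chan_sip.so line recommended in the thread. With
# autoload=yes, chan_sip loads unless this line is present; deleting
# sip.conf alone does not stop it.
sip_is_unloaded() {
    grep -Eq '^[[:space:]]*noload[[:space:]]*=[[:space:]]*chan_sip\.so[[:space:]]*$' "$1"
}

# Constructed modules.conf (not a file from any node) for the self-check.
SAMPLE_MODULES_CONF=$(mktemp)
cat >"$SAMPLE_MODULES_CONF" <<'EOF'
[modules]
autoload=yes
noload=chan_oss.so
noload=chan_sip.so
EOF

case "${1:-}" in
    apply)
        [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; exit 1; }
        allstar_rules | while read -r cmd; do eval "$cmd" || exit 1; done || exit 1
        ;;
    *)
        allstar_rules
        ;;
esac

if sip_is_unloaded "$SAMPLE_MODULES_CONF"; then
    echo "# modules.conf check: chan_sip is disabled"
else
    echo "# modules.conf check: add noload=chan_sip.so" >&2
fi
rm -f "$SAMPLE_MODULES_CONF"
```

<div><br>Doug's point stands: the router should forward nothing but 4569/udp and the ssh port, and this host rule set is the second layer for a box that has been put in the DMZ. Run it without arguments first and read the printed rules; the default-DROP policy is deliberately the last line so that the ssh session used to apply it survives. Set ACCEPT_INBOUND_NODES=no for a node that only makes outgoing connections, and the 4569 rule disappears, matching the "outgoing would work fine without it" case in the thread.<br><br></div>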
<br><div class="ecxgmail_quote">On Wed, Sep 24, 2014 at 9:43 PM, Doug Crompton <span dir="ltr"><<a href="mailto:doug@crompton.com" target="_blank">doug@crompton.com</a>></span> wrote:<br><blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;">
<div><div dir="ltr"><font color="#000000" face="Tahoma,sans-serif">I assume you have the Linux box behind a router? If so, why would you have SIP even routed to your Linux box if you are not using it? Routers make good firewalls. The only things you should have routed are 4569 (udp) and 222 (tcp), and neither has to be routed. 4569 would only need to be routed if you wanted to accept incoming connections. Outgoing would work fine without it. 222 would only be needed for administration.<br><br>From what you are saying you obviously must not have a front end (router, firewall, etc.) on your system. It sounds like you are just hanging on the raw Internet!! Some people go the easy route and put things in the DMZ of their routers, which does open them up to the world. I went into an Allstar system this week to help with setup and I immediately knew it was on the DMZ. In the Asterisk client I was getting SIP messages left and right. I unloaded the SIP module and they went away. Not the right way to do it, though, as it should not be on the DMZ to begin with. Simply not having a sip.conf file does not prevent SIP traffic!!!<br><br>Assuming you have a router, there should be no need to disable SIP, as it is never going to get to your box unless you port forward it there. It would be a good idea, though, to not load the code for it if you are not using it. A noload=chan_sip.so in modules.conf would take care of that. <br><br>Most good routers also allow you to specify specific IP addresses, or blocks of them, to disallow. If there is a specific foreign block, say in China, that you can identify, you could probably block it. <br><br>So the bottom line is you could make your Linux system totally unavailable to the outside world by just not forwarding any ports. The downside is no one could connect to you (sometimes desirable) and you could not remotely administer your system. 
<br></font><br><br><b><font style="font-size:16pt;" size="4">73 Doug</font><font style="font-size:16pt;" size="4"><br></font><font style="font-size:16pt;" size="4">WA3DSP</font><font style="font-size:16pt;" size="4"><br></font><font style="font-size:16pt;" size="4"><a href="http://www.crompton.com/hamradio" target="_blank">http://www.crompton.com/hamradio</a></font></b><font style="font-size:16pt;" size="4"><br></font><br><br><div><hr>Date: Wed, 24 Sep 2014 20:52:22 -0500<br>From: <a href="mailto:lorentedford@gmail.com" target="_blank">lorentedford@gmail.com</a><br>To: <a href="mailto:app_rpt-users@ohnosec.org" target="_blank">app_rpt-users@ohnosec.org</a><br>Subject: [App_rpt-users] Security Issues<div><div class="h5"><br><br><div dir="ltr"><div>Hey, it's Loren here again...<br><br></div>Was curious what everyone found was the most substantial security risk with an ACID installation connected to two repeaters.. The sip.conf was deleted from the asterisk folder.. Noticed a strange node connection that didn't match Allstar's normal node numbers, <a target="_blank">3101702</a>; also found something with <a href="http://x.allstarlink.org" target="_blank">x.allstarlink.org</a> in it. Anybody know what this is?? Anyway, my Linode server has been under constant attack from China; they keep wanting to ssh into the server. We had to drastically beef up things on the server, such as changing the whole root user issue and moving to another port number, etc.. 
Any thoughts or ideas? Did I just become the victim of a SIP attack too, besides 19 DDoS attacks this week already and over a million failed ssh attempts into my personal Linode server...<br><div><br><br clear="all"><div><div><div dir="ltr"><div style="font-family:arial;font-size:small;">Loren Tedford (KC9ZHV) <br>Email: <a href="mailto:lorentedford@gmail.com" style="color:rgb(17,85,204);" target="_blank">lorentedford@gmail.com</a><br></div><br><div style="font-family:arial;font-size:small;"><a href="http://www.lorentedford.com/" style="color:rgb(17,85,204);" target="_blank">http://www.lorentedford.com</a><br></div><div style="font-family:arial;font-size:small;"><a href="http://www.ltcraft.net/" style="color:rgb(17,85,204);" target="_blank">http://www.Ltcraft.net</a></div><div style="font-family:arial;font-size:small;"><a href="http://www.richlandcountycomputers.com/" style="color:rgb(17,85,204);" target="_blank">http://www.richlandcountycomputers.com</a></div><div style="font-family:arial;font-size:small;"><a href="http://kc9zhv.lorentedford.com/" style="color:rgb(17,85,204);" target="_blank">http://kc9zhv.lorentedford.com</a></div><div><br></div></div></div>
</div></div></div>
<br></div></div>_______________________________________________
App_rpt-users mailing list
<a href="mailto:App_rpt-users@ohnosec.org" target="_blank">App_rpt-users@ohnosec.org</a>
<a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a>
To unsubscribe from this list please visit <a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.</div> </div></div>
</blockquote></div><br></div></div></div> </div></body>
</html>