Geekzone: technology news, blogs, forums

Reply # 393405 19-Oct-2010 00:17

I have allowguest=no; alwaysauthreject=yes in the IAX and SIP general custom conf.
I remember now I put it there when I first set it up.

sbiddle

I think what I am trying to say is that because Asterisk is software it has to constantly be updated and maintained, whereas a hardware PBX on the wall just does its job year after year without any bother.
I admit that I am not clued up enough (yet) to set up Asterisk from scratch and create a secure dialplan, or even know what a secure dialplan looks like, so I have to rely on the likes of Elastix, trixbox and PIAF to make sure their dialplans are secure, and if they can't get it right what hope do I have?
I do however know my way around computers and networking in general and believe I have followed basic security measures.
FYI I have read somewhere that Fail2ban can be got through with a hacking tool because it is too slow to react.
So it just goes to show nothing is safe for long.
Keeping your box invisible to the internet I believe is the most important thing: if they don't know you're there, they can't hack you.

I have been talking to 2talk and they confirmed the calls came from their upstream provider through the PSTN network, so that will make tracking back to them difficult. I would really like to find them and beat them with a stick LOL.
My trixbox could have been hacked with a simple Telecom landline, no fancy hacking tools needed.
I only ever have $10 to $20 on my 2talk account anyway so they will never get much out of me.
Now on Slingshot Better Network and it's better.

Reply # 393445 19-Oct-2010 08:06

techmeister:
I think what I am trying to say is that because Asterisk is software it has to constantly be updated and maintained, whereas a hardware PBX on the wall just does its job year after year without any bother.

A "non VoIP" PBX is no guarantee of security either. While much of what we are hearing about now is compromised VoIP systems, fraud on older PBX systems still occurs on a daily basis with people accessing voicemail platforms or DISA trunks to route calls. An IP based system probably offers some advantages in that it is far easier to see what is actually going on under the hood of the system.

Reply # 393456 19-Oct-2010 08:37

Hi Techmeister,

I am afraid the dialplan is a bit too much to analyse - this sort of crap was somehow expected; I did not think it's actually that bad. I can imagine it is possible to dial into your IVR and call the directory service. After a few invalid attempts or a timeout - due to no entry - the call should go to the default extension defined in OPERATOR_XTN. If something goes wrong it gets really messy. The call is treated as coming from-internal as it is included in from-internal-additional through other contexts. This will allow the caller to dial out.

You should consider deactivating all modules you never use, such as call transfer, voicemail, directory - everything; just keep it simple. Also please study the documentation regarding Asterisk contexts and get this cleaned up. I bet you can apply the same configuration to a new Trixbox installation and end up with the security hole again.

Certainly it's a lot of work to configure an Asterisk standalone installation without an interface for the very first time, but in the end it's all very clear and you know exactly what's going on in your PBX.

Good luck!
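A check along the lines bungy describes, added here as an example and not code from the thread, trixbox or Asterisk: it parses a constructed extensions.conf fragment (hypothetical context names, modelled on the inbound -> directory -> from-internal-additional chain described above) and reports every include chain by which an inbound trunk context can transitively reach a dial-out context.

```python
import re
from collections import defaultdict

# Constructed extensions.conf fragment (hypothetical, not from any real box): the
# trunk context reaches the directory app, which pulls in from-internal-additional.
SAMPLE_CONF = """\
[from-trunk]
include => ivr-main
[ivr-main]
include => app-directory
exten => s,1,Background(welcome)
[app-directory]
include => from-internal-additional
exten => #,1,Directory(default)
[from-internal-additional]
include => outbound-allroutes
[outbound-allroutes]
exten => _0X.,1,Dial(SIP/trunk/${EXTEN})
"""

def parse_includes(conf):
    """Map each context to the contexts its 'include =>' lines name."""
    graph, ctx = defaultdict(list), None
    for line in conf.splitlines():
        line = line.split(';', 1)[0].strip()          # strip comments
        if m := re.match(r'^\[([^\]]+)\]', line):
            ctx = m.group(1)
        elif ctx and (m := re.match(r'^include\s*=>?\s*([^,\s]+)', line)):
            graph[ctx].append(m.group(1))
    return graph

def include_path(graph, start, target):
    """Depth-first search: return the include chain start..target, else None."""
    stack, seen = [(start, [start])], set()
    while stack:
        node, path = stack.pop()
        if node == target:
            return path
        if node not in seen:
            seen.add(node)
            stack.extend((n, path + [n]) for n in graph.get(node, []))
    return None

def audit(conf, inbound=('from-trunk', 'from-pstn'),
          dialout=('from-internal', 'from-internal-additional', 'outbound-allroutes')):
    """List every chain by which an inbound context can reach a dial-out context."""
    graph = parse_includes(conf)
    return [' -> '.join(p) for src in inbound for dst in dialout
            if (p := include_path(graph, src, dst))]
```

Run it against a real extensions.conf (plus any extensions_additional.conf / extensions_custom.conf concatenated) and adjust the inbound and dial-out context names to the ones your dialplan actually uses.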



Reply # 393726 19-Oct-2010 18:37

bungy

Yes, I thought that might be the case.
I guess the more features they build into these things, the more complicated the dialplan
and the more chance for holes.
It has taught me a valuable lesson in that you only install the features that you are going to use; keeping it simple is more secure.
I am going to install an IP01 box from Atcom that I have been mucking around with to see how that will stand up security-wise.
The hackers have stopped ringing for now, but they will be back.
I might turn the tables on them and use them as security testers.

Thanks for your help.

sbiddle

I guess on the fancier PSTN PBXs that bigger businesses have there are holes too; you just never seem to hear about them being hacked.
The old PBXs I see in small businesses are just basically call routers, nothing more, so never need anything.
I do agree that VOIP calls are more traceable; this is why 2talk told me it would be very hard to track them down, because the calls came from the PSTN.
2talk have been very good and have implemented a lot of security features of late, and no doubt there will be more.
If you don't mind me asking, what PBX do you deploy/use?

Thanks to everyone for your help.

Reply # 393746 19-Oct-2010 19:32

techmeister: If you don't mind me asking, what PBX do you deploy/use?

I'm a great Asterisk fan, but as part of my day job, which involves managing a VoIP network and running a softswitch, I get exposed to hardware from a number of different vendors. My personal opinion is that there is no perfect VoIP handset or PBX!