techmeister

310 posts

Ultimate Geek


  #393405 19-Oct-2010 00:17

I have allowguest=no; alwaysauthreject=yes in the IAX and SIP general custom conf.
I remember now I put it there when I first set it up.

sbiddle

I think what I am trying to say is that because asterisk is software it has to constantly be updated and maintained, whereas a hardware PBX on the wall just does its job year after year without any bother.
I admit that I am not clued up enough (yet) to set up asterisk from scratch and create a secure dialplan or even what a secure dialplan looks like so I have to rely on the likes of Elastix, trixbox and PIAF to make sure their dialplans are secure and if they can't get it right what hope do I have.
I do however know my way around computers and networking in general and believe I have followed basic security measures.
FYI I have read somewhere that Fail2ban can be got through with a hacking tool because it is too slow to react.
So just goes to show nothing is safe for long.
Keeping your box invisible to the internet I believe is the most important thing, if they don't know you're there they can't hack you.

I have been talking to 2talk and they confirmed the calls came from their upstream provider through the PSTN network, so will make tracking back to them difficult. I would really like to find them and beat them with a stick LOL. 
My trixbox could have been hacked with a simple Telecom landline, no fancy hacking tools needed.
I only ever have $10 to $20 on my 2talk account anyway so they will never get much out of me.






sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #393445 19-Oct-2010 08:06

techmeister:
I think what I am trying to say is that because asterisk is software it has to constantly be updated and maintained, whereas a hardware PBX on the wall just does its job year after year without any bother.



A "non VoIP" PBX is no guarantee of security either. While much of what we are hearing about now is compromised VoIP systems, fraud on older PBX systems still occurs on a daily basis with people accessing voicemail platforms or DISA trunks to route calls. An IP based system probably offers some advantages in that it is far easier to see what is actually going on under the hood system.

bungy
7 posts

Wannabe Geek


  #393456 19-Oct-2010 08:37

Hi Techmeister,

I am afraid the dialplan is a bit too much to analyse - this sort of crap was somehow expected, I did not think it's actually that bad. I can imagine it is possible to dial into your IVR and call the directory service. After a few invalid attempts or a timeout - due to no entry, the call should go to the default extension defined in OPERATOR_XTN. If something goes wrong it gets really messy. The call is treated as coming from-internal as it is included in from-internal-additional through other contexts. This will allow the caller to dial out.

You should consider deactivating all modules you never use such as call transfer, voicemail, directory - everything; just keep it simple. Also please study the documentation regarding asterisk contexts and get this cleaned up. I bet you can apply the same configuration to a new Trixbox installation and end up with the security hole again.

Certainly it's a lot of work to configure an asterisk standalone installation without interface for the very first time, but in the end it's all very clear and you exactly know what's going on in your PBX.

Good luck!
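
One way to check a dialplan for the problem described in the post above, an inbound context that reaches from-internal-additional through a chain of `include` or `Goto` lines. This is an added example, not part of the thread; the dialplan text and every name ending in `-sample` are constructed.

```python
import re
from collections import defaultdict

# Constructed sample dialplan, not the poster's real configuration.
SAMPLE_DIALPLAN = """
[from-pstn-sample]
exten => _X.,1,Goto(ivr-sample,s,1)

[ivr-sample]
exten => s,1,Background(welcome)
include => directory-sample

[directory-sample]
exten => s,1,Directory(default)
include => from-internal-additional   ; the mistake: inbound callers inherit this

[from-internal-additional]
exten => _0.,1,Dial(SIP/trunk-sample/${EXTEN})
"""

def parse_edges(text):
    """Map each context to the contexts it reaches via include or 3-arg Goto."""
    edges, current = defaultdict(set), None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1)
            edges[current]                            # register even if empty
        elif current and line:
            inc = re.match(r"include\s*=>?\s*(\S+)", line)
            if inc:
                edges[current].add(inc.group(1))
            for g in re.finditer(r"Goto\(([^,()]+),[^,()]+,[^,()]+\)", line):
                edges[current].add(g.group(1).strip())
    return edges

def path_to_internal(text, inbound, internal):
    """Return one chain of contexts from `inbound` to any of `internal`, or None."""
    edges, stack, seen = parse_edges(text), [[inbound]], {inbound}
    while stack:
        path = stack.pop()
        if path[-1] in internal and len(path) > 1:
            return path
        for nxt in sorted(edges.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(path + [nxt])
    return None
```

A returned chain names every context to review; `None` means no include or Goto path leads from the inbound context into the internal ones.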



techmeister

310 posts

Ultimate Geek


  #393726 19-Oct-2010 18:37

bungy

Yes I thought that might be the case.
I guess the more features they build into these things the more complicated the dialplan
and more chance for holes.
It has taught me a valuable lesson in that you only install the features that you are going to use, keeping it simple is more secure.
I am going to install an IP01 box from Atcom that I have been mucking around with to see how that will stand up security wise.
The hackers have stopped ringing for now, but they will be back.
I might turn the tables on them and use them as security testers.

Thanks for your help.

sbiddle

I guess on the fancier PSTN PBXs that bigger businesses have, there are holes too, you just never seem to hear about them being hacked.
The old PBXs I see in small businesses are just basically call routers nothing more, so never need anything.
I do agree that VOIP calls are more traceable, this is why 2talk told me it would be very hard to track them down because the calls came from the PSTN.
2talk have been very good and have implemented a lot of security features of late and no doubt there will be more.
If you don't mind me asking what PBX do you deploy/use?

Thanks to everyone for your help.




sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #393746 19-Oct-2010 19:32

techmeister: If you don't mind me asking what PBX do you deploy/use?



I'm a great Asterisk fan but as part of my day job which involves managing a VoIP network and running a softswitch I get exposed to hardware from a number of different vendors. My personal opinion is that there is no perfect VoIP handset or PBX!



