Asterisk sip account 'hacked'

f1outsourcing · January 16, 2017, 9:53am

Is there any security issue with 13.7.2 and the sip authentication? We had access to an account with random generated password, and very few brute tries. Actually this account is dormant, so it is also not likely the password has been sniffed somewhere also.

We previously were running 1.8 and this is the first time we experience something like this.

[Jan 15 03:11:54] NOTICE[30870] chan_sip.c: Registration from ‘sip:100@212.19.193.163’ failed for ‘5.11.44.194:25339’ - Wrong password
[Jan 15 03:11:56] NOTICE[30870] chan_sip.c: Registration from ‘sip:08@212.19.193.163’ failed for ‘5.11.44.194:25339’ - Wrong password
[Jan 15 03:11:57] NOTICE[30870] chan_sip.c: Registration from ‘sip:08@212.19.193.163’ failed for ‘5.11.44.194:25339’ - Wrong password
[Jan 15 03:12:08] NOTICE[30870][C-0000f475] chan_sip.c: Call from ‘08’ (5.11.44.194:25339) to extension ‘+14042605390’ rejected because extension not found in context ‘r-clients’.
[Jan 15 03:12:17] NOTICE[30870] chan_sip.c: Registration from ‘sip:08@212.19.193.163’ failed for ‘5.11.44.194:25339’ - Wrong password
[Jan 15 03:12:30] NOTICE[30870][C-0000f478] chan_sip.c: Call from ‘08’ (5.11.44.194:25339) to extension ‘+359873012503’ rejected because extension not found in context ‘r-clients’.
[Jan 15 03:12:35] NOTICE[30870][C-0000f479] chan_sip.c: Call from ‘08’ (5.11.44.194:25339) to extension ‘0014042605390’ rejected because extension not found in context ‘r-clients’.
[Jan 15 03:12:58] NOTICE[30870] chan_sip.c: Registration from ‘sip:08@212.19.193.163’ failed for ‘5.11.44.194:25339’ - Wrong password
[Jan 15 03:13:08] NOTICE[30870][C-0000f47b] chan_sip.c: Call from ‘08’ (5.11.44.194:25339) to extension ‘+14042605390’ rejected because extension not found in context ‘roosit-clients’.
[Jan 15 03:13:11] NOTICE[30870] chan_sip.c: Registration from ‘“MyName” sip:08@212.19.193.163:5060’ failed for ‘5.11.44.194:5060’ - Wrong password
[Jan 15 03:13:15] NOTICE[30870][C-0000f47c] chan_sip.c: Call from ‘08’ (5.11.44.194:5060) to extension ‘14042605390’ rejected because extension not found in context ‘r-clients’.
[Jan 15 03:13:15] NOTICE[30870][C-0000f47d] chan_sip.c: Call from ‘08’ (5.11.44.194:5060) to extension ‘014042605390’ rejected because extension not found in context ‘r-clients’.
[Jan 15 03:13:15] NOTICE[30870][C-0000f47e] chan_sip.c: Call from ‘08’ (5.11.44.194:5060) to extension ‘0014042605390’ rejected because extension not found in context ‘r-clients’.
[Jan 15 03:13:15] NOTICE[30870][C-0000f47f] chan_sip.c: Call from ‘08’ (5.11.44.194:5060) to extension ‘00014042605390’ rejected because extension not found in context ‘r-clients’.

Asterisk 13.7.2

jcolp · January 16, 2017, 11:39am

All security advisories are on the website[1]. Only the latest advisory would be applicable and it has a very narrow scope. I’d suggest providing the configuration, minus passwords, to ensure your configuration is not incorrect in some way.

[1] http://www.asterisk.org/downloads/security-advisories

Topic		Replies	Views
Wrong password error (out of nowhere) Asterisk Support	1	1226	March 21, 2017
HACK to multiple sip accounts Asterisk Support	7	341	May 18, 2011
Wrong password - Registration Failed Asterisk SIP	5	23120	January 31, 2020
Registration failed - Wrong Password Asterisk General	2	401	March 23, 2009
My PC with Asterisk 1.8.11.1+FreePBX 2.10.0 has been hacked Asterisk Support	5	413	May 9, 2012

Asterisk sip account 'hacked'

Related topics