Hello,
I just want to inform you that you have a big security issue in the default configuration.
A few days ago I set up an Asterisk to use it as a proxy.
I just added 2 SIP accounts and changed the default extension to pass through to my provider.
This morning my provider called me to say that I have expensive calls on my line.
Although I stopped my Asterisk immediately, I have costs of about 800 EUR in only 50 minutes.
First I thought I had made a mistake, but my SIP accounts have passwords and, as I see in the Master.csv, my SIP accounts are not used:
"","1001","002399890124","default","1001","SIP/82.xxx.xxx.xxx-00000006","IAX2/PBXNET462","Dial","IAX2/PBXNET/002399890124","2011-09-01 09:19:34","2011-09-01 09:19:45",11,0,"NO ANSWER","DOCUMENTATION","1314868774.14",""
"","1001","002399890124","Outbound_Route","1001","SIP/82.xxx.xxx.xxx-00000009","IAX2/PBXNET-220","Dial","IAX2/PBXNET/002399890124","2011-09-01 09:21:23","2011-09-01 09:21:28","2011-09-01 09:21:41",18,13,"ANSWERED","DOCUMENTATION","1314868
How do hackers use my system?
First I saw an open guest account in iax.conf ([guest]). But this seems to come over SIP.
Is there also a default configuration that lets everybody use SIP without authentication?
Please keep in mind the impact of such an open configuration. If my provider had not called me, I would have noticed it days later and I would be bankrupt now.
Another issue is that there seem to be no limits on parallel calls by default. I limited the RTP ports to 10, so the hackers were "only" able to use 10 parallel calls (and I see 10 parallel calls in the log of my provider).
If I hadn't done this, they would perhaps have used hundreds of parallel calls.
Regards,
Ralf
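A small check over Master.csv lines like the ones quoted above, added here as an example and not part of the original post: it flags outbound calls whose source channel is named after an IP address (which is how Asterisk names a SIP call it could not match to a configured peer) or after a peer that is not in the operator's own peer list, and it reports how many of those calls ran in parallel. The CDR lines, the peer set {"1001", "1002"} and the address 203.0.113.5 (a documentation address standing in for the real one) are constructed assumptions.

```python
import csv
import io
import re
from datetime import datetime

# Field order of an Asterisk Master.csv record (cdr_csv layout).
FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel", "dstchannel",
          "lastapp", "lastdata", "start", "answer", "end", "duration", "billsec",
          "disposition", "amaflags", "uniqueid", "userfield"]

# Constructed sample: one call between configured peers, then three overlapping
# outbound calls whose source channel is named after an IP address (203.0.113.5,
# a documentation address), i.e. a caller Asterisk never matched to a peer.
SAMPLE_CDR = '''"","1001","1002","default","1001","SIP/1001-00000001","SIP/1002-00000002","Dial","SIP/1002","2011-09-01 09:10:00","2011-09-01 09:10:03","2011-09-01 09:11:00",60,57,"ANSWERED","DOCUMENTATION","1314868200.1",""
"","1001","002399890124","default","1001","SIP/203.0.113.5-00000006","IAX2/PBXNET-462","Dial","IAX2/PBXNET/002399890124","2011-09-01 09:19:34","2011-09-01 09:19:45",11,0,"NO ANSWER","DOCUMENTATION","1314868774.14",""
"","1001","002399890124","Outbound_Route","1001","SIP/203.0.113.5-00000009","IAX2/PBXNET-220","Dial","IAX2/PBXNET/002399890124","2011-09-01 09:21:23","2011-09-01 09:21:28","2011-09-01 09:21:41",18,13,"ANSWERED","DOCUMENTATION","1314868883.17",""
"","1001","002399890125","Outbound_Route","1001","SIP/203.0.113.5-0000000a","IAX2/PBXNET-221","Dial","IAX2/PBXNET/002399890125","2011-09-01 09:21:30","2011-09-01 09:21:33","2011-09-01 09:21:50",20,17,"ANSWERED","DOCUMENTATION","1314868890.18",""
'''

IP_CHANNEL = re.compile(r"^SIP/\d{1,3}(?:\.\d{1,3}){3}-")


def parse_cdr(text):
    """Parse Master.csv text; rows that omit the empty answer timestamp are accepted too."""
    records = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) == len(FIELDS) - 1:   # unanswered call written without the answer field
            row.insert(10, "")
        records.append(dict(zip(FIELDS, row)))
    return records


def guest_calls(records, known_peers):
    """Records whose source channel is an IP-named SIP channel or an unknown peer."""
    flagged = []
    for r in records:
        peer = r["channel"].split("/", 1)[-1].rsplit("-", 1)[0]
        if IP_CHANNEL.match(r["channel"]) or peer not in known_peers:
            flagged.append(r)
    return flagged


def max_concurrent(records):
    """Peak number of calls in progress at once, from start/end overlap."""
    ts = "%Y-%m-%d %H:%M:%S"
    events = [(datetime.strptime(r[k], ts), d) for r in records for k, d in (("start", 1), ("end", -1))]
    events.sort()                      # an end at time t sorts before a start at t
    current = peak = 0
    for _, delta in events:
        current += delta
        peak = max(peak, current)
    return peak
```

Running `guest_calls(parse_cdr(SAMPLE_CDR), {"1001", "1002"})` on the sample returns the three IP-sourced calls, and `max_concurrent` on them reports a peak of 2, the kind of number a per-peer call limit would cap.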