
My Asterisk attacked by a hacker for two hours

Please see the following excerpt from /var/log/asterisk/messages:

3236 [Sep  4 11:31:56] NOTICE[3134] chan_sip.c: Registration from '"4137092962"<sip:4137092962@218.18.43.163>' failed for '188.25.53.200' - No matching peer found
3237 [Sep  4 11:31:57] NOTICE[3134] chan_sip.c: Registration from '"1"<sip:1@218.18.43.163>' failed for '188.25.53.200' - No matching peer found
...
13223 [Sep  4 11:34:35] NOTICE[3134] chan_sip.c: Registration from '"9999"<sip:9999@218.18.43.163>' failed for '188.25.53.200' - No matching peer found
13224 [Sep  4 11:34:39] NOTICE[3134] chan_sip.c: Registration from '"3026" <sip:3026@218.18.43.163>' failed for '188.25.53.200' - Wrong password
...
33337 [Sep  4 13:30:59] NOTICE[8688] chan_sip.c: Registration from '"3022" <sip:3022@218.18.43.163>' failed for '188.25.53.200' - Wrong password
The hacker started with a SIP URL, sip:4137092962@218.18.43.163, to check whether an Asterisk server exists or not. If one exists, it started to scan for any matching peer. If found, the hacker started to guess the password for that extension. My Asterisk server was being attacked from Sep  4 11:31:56 until Sep  4 13:30:59. The duration was around two hours. It generated 30102 messages in the /var/log/asterisk/messages file.

It is highly recommended to set your password to a 10-character string, which may consist of lower/upper case letters and numbers. For instance, CcXXXXXXCc, where C denotes an upper case letter, c a lower case letter, and X a number. The number of combinations will be 26x26 * 26x26 * 10 * 10 * 10 * 10 * 10 * 26x26 * 26x26 = 208827064576000000. If the hacker can try 100 times in a second, it requires at most 66218627 years to find the correct password for that extension. As a result, it is almost impossible to do so.

YH

Don't use the standard SIP port number, e.g. 5060...

Disable all remote management for public access and set an Allow/Access List for local access.


Change the passwords; don't forget your:
CentOS root pw, Asterisk ac pw, MySQL root pw


Thank you very much for your advice.

YH

