We are receiving unusual call attempts to Prime Destinations (Poland, Myanmar, Mauritania, Latvia, Guinea, Congo, Somalia, North Korea, etc.) from account 888919XXXX, using iPox with IP from 218.103.2XX.XXX.
The unusual call pattern (even though not connecting) could indicate that the PBX server could be compromised. To prevent any further damage, we have suspended the account.
Tech blogs and IP PBX users' mailing lists worldwide are reporting a large spate of SIP-based attacks against their VoIP servers, where the network activity shows tens of thousands of brute-force attempts to guess usernames and passwords of SIP clients. Successful attackers obtaining SIP registration logins then make thousands of dollars' worth of unauthorized calls, usually to premium destinations. We strongly advise you to update all logins (web/ssh) on the Asterisk server as well as the PennyTel VoIP and web password.
The following link provides some useful precautions that can be followed for Asterisk/3CX based systems, or any SIP voice switch that allows registration from dynamic IP addresses.
Please don't disregard this email if you have deployed Asterisk or 3CX.
Thank you.
Regards,
PennyTel Team

Author: Qnewbie Time: 2011-10-14 23:49
For IP01 with official firmware, you might (just my opinion):
1. "Allow guest calls" in the SIP settings set to No!!!
2. Password for users should be 12~16 mixed "random" characters.
3. Outgoing calling rules should exclude "Prime Destinations".

Author: ckleea Time: 2011-10-15 07:25