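Another Asterisk account in Japan hijacked to make international (IDD) calls

This time a total of 700,000 yen in calls was made (that converts to HK$63,000~)

According to the victim...
1) He was using NTT West's IP phone service (this can be ignored, because it works like nwt's, with a device similar to an ATA)
2) He was running Asterisk 1.6.1.9 at the time
3) allowguest=no was already set
4) To let the IP phone through, the SIP and RTP ports were opened on the router
5) The Asterisk user passwords were set to about 5 characters
6) The Asterisk log only goes back to February

He seems to have only 3 accounts... one of them is a Wi-Fi SIP phone...
and the password for that device apparently was not long enough... the problem is suspected to come from that device...

Actually this is not the first time in Japan... earlier there were several cases billed tens of thousands to over a hundred thousand yen (that is several thousand to over ten thousand Hong Kong dollars...)
Although we have not been affected for now... please take this as a warning...

Some people suggest configuring the dialplan so that IDD prefixes cannot be dialed... (for example, in Hong Kong, hang up on _001X.)
to prevent fraudulent IDD calls...

PS: My Japanese is not very good... I hope I have not mistranslated~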

I was attacked from 89.115.177.119 a few minutes ago.

It tried to vary login name with 3024996829(?), 123, testing, guest, admin, etc.

[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"3024996829"<sip:3024996829@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"123"<sip:123@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"1234"<sip:1234@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"12345"<sip:12345@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"123456"<sip:123456@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"test"<sip:test@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"sip"<sip:sip@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"user"<sip:user@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"admin"<sip:admin@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"pass"<sip:pass@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"password"<sip:password@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"testing"<sip:testing@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"guest"<sip:guest@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"voip"<sip:voip@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"account"<sip:account@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"passwd"<sip:passwd@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"qwerty"<sip:qwerty@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"654321"<sip:654321@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"54321"<sip:54321@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"4321"<sip:4321@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"321"<sip:321@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"pass1"<sip:pass1@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"abc123"<sip:abc123@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"123abc"<sip:123abc@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"qwerty1"<sip:qwerty1@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"123456"<sip:123456@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"password"<sip:password@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"p@ssw0rd"<sip:p@ssw0rd@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"@ssw0rd"<sip@ssw0rd@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"assword1"<sipassword1@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"parola"<sip:parola@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"12345678"<sip:12345678@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"87654321"<sip:87654321@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"0000"<sip:0000@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"00"<sip:00@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"000"<sip:000@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"000000"<sip:000000@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"00000000"<sip:00000000@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"9999"<sip:9999@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"999"<sip:999@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"99999999"<sip:99999999@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"1"<sip:1@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"2"<sip:2@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
[Oct  2 04:33:06] NOTICE[2399]: chan_sip.c:21648 handle_request_register: Registration from '"3"<sip:3@123.123.123.123>' failed for '89.115.177.119' - No matching peer found
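
A scan like the one in the log above can be flagged automatically from the Asterisk log. The following is an added example, not part of the original posts: the function name, the threshold of 10 failures, the 60-second window and the sample lines are assumptions; the `Wrong password` reason is the message chan_sip logs when the peer exists but authentication fails.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches chan_sip failed-REGISTER notices in the format shown in the log above.
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '(?P<frm>.*)' "
    r"failed for '(?P<ip>[^':]+)(?::\d+)?' - (?P<reason>.+)$"
)
USER_RE = re.compile(r"sip:(.+)@[^@>]+>")  # greedy, so "p@ssw0rd" stays whole

def find_register_scans(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: summary} for sources with >= threshold failures inside window."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # The log has no year; a fixed one is prepended only so strptime can parse it.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        user = USER_RE.search(m["frm"])
        events[m["ip"]].append((ts, user.group(1) if user else m["frm"], m["reason"]))
    report = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = peak = 0
        for end in range(len(evs)):  # sliding window over sorted timestamps
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            report[ip] = {
                "peak_failures_in_window": peak,
                # many distinct names + "No matching peer found" = account enumeration
                "distinct_users": len({e[1] for e in evs}),
                # "Wrong password" means the name exists and its password is being guessed
                "wrong_password": sum(e[2] == "Wrong password" for e in evs),
            }
    return report

# Constructed sample lines (documentation-range IPs, names taken from the log above).
TEMPLATE = ("[Oct  2 04:33:{sec:02d}] NOTICE[2399]: chan_sip.c:21648 handle_request_register: "
            "Registration from '\"{user}\"<sip:{user}@198.51.100.10>' failed for '{ip}' - {reason}")
NAMES = ["123", "1234", "test", "sip", "user", "admin", "pass", "password",
         "testing", "guest", "voip", "p@ssw0rd"]
SAMPLE = [TEMPLATE.format(sec=6, user=n, ip="203.0.113.7", reason="No matching peer found")
          for n in NAMES]
SAMPLE.append(TEMPLATE.format(sec=40, user="2001", ip="192.0.2.50", reason="Wrong password"))

if __name__ == "__main__":
    for ip, summary in find_register_scans(SAMPLE).items():
        print(ip, summary)
```

A source that starts producing `Wrong password` entries has found a real account name, which is the point at which a short password like the 5-character ones mentioned above becomes the only remaining barrier.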

TOP

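The same kind of unfortunate incident has happened in Hong Kong too.
The story goes that a call centre (all TDM, using a certain big brand) was doing UAT and the IDD function had not been blocked; one day someone really did hack into the PABX by phone and made HK$400,000 worth of IDD calls. It is now in litigation.
So IDD really has to be handled carefully.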

TOP

Following your advice, I have prepared some more complicated passwords, such as a mixture of upper and lower case, numbers, and symbols such as #%!^

One may look at sites like these to generate a complex password.

http://www.onlinepasswordgenerator.com/cgi-bin/password.cgi
http://maord.com/

However, it is one's responsibility to remember or keep track of one's latest passwords, which may not be easy to remember.

TOP

The password is only 14 characters.

It is the only protection we have got for Asterisk. Why not make it more difficult for hackers? In most cases, you only need to type it in twice. For more safety, do the paperwork!

Worse still, the administrator password on your server requires more attention.

TOP

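Of course you can; that is the DISA function. The main thing is that those hackers first use a program to find your password and login name. First, our login names are generally 4-digit numbers; then for each number it runs password scanning, and once it is found, they guess the structure of the dialplan. So we must guard this password checkpoint very tightly and must not use digits. In our logs we found that some hackers can try many passwords within one minute. If your password is made of digits, they can work it out very quickly.

If you use 4 digits, the combinations are 10x10x10x10 = 10,000 tries to find it. If we use 8 characters, with the first two being letters, 2x26 x2x26 x10 x10 x10 x10 x10 x10 = 2,704,000,000, then even the strongest system will find it hard to hack. It will feel that it is wasting its time. This is the first checkpoint; if it gets past the first checkpoint, the second checkpoint is the dialplan: make sure all the calls they can place are free ones. If a paid call is to be made, ask for another password; then basically even their strongest system will not waste time finding another password, and that password may need another program to be written to hack it.

So our ordinary accounts can only dial free calls; there is simply no gap for a hacker to make paid calls.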


TOP

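I feel that configuring the dialplan to disallow dialing IDD prefixes is not so good! I wonder whether Asterisk can be set to require a password before dialing IDD? That way relatives and friends overseas could enjoy Hong Kong's high-quality, low-cost IDD service! Or else apply to the telecom company for an IDD anti-fraud feature!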
Welcome to my TaoBao shop: http://mandymak520.taobao.com/

TOP

Qnewbie's password seems to be twenty-odd characters, with every kind of character in it. Wow! Impressive!

TOP

As for the system admin password, it must be long enough; mine is 13 characters! Other accounts are 8 characters, with letters in the middle.

TOP
