
Does this Asterisk log show an attempted intrusion?

Does this Asterisk log show an attempted intrusion? It went on for a full 2 minutes.
[Apr  6 16:14:11] NOTICE[25705][C-0000003d] chan_sip.c: Call from '' (37.8.60.34:20376) to extension '001972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:12] NOTICE[25705][C-0000003e] chan_sip.c: Call from '' (37.8.60.34:28195) to extension '0001972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:13] NOTICE[25705][C-0000003f] chan_sip.c: Call from '' (37.8.60.34:28195) to extension '00001972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:17] NOTICE[25705][C-00000040] chan_sip.c: Call from '' (37.8.60.34:20698) to extension '0000001972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:18] NOTICE[25705][C-00000041] chan_sip.c: Call from '' (37.8.60.34:20754) to extension '*001972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:19] NOTICE[25705][C-00000042] chan_sip.c: Call from '' (37.8.60.34:20699) to extension '**001972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:19] NOTICE[25705][C-00000043] chan_sip.c: Call from '' (37.8.60.34:29815) to extension '+001972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:20] NOTICE[25705][C-00000044] chan_sip.c: Call from '' (37.8.60.34:29815) to extension '+972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:21] NOTICE[25705][C-00000045] chan_sip.c: Call from '' (37.8.60.34:20754) to extension '*972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:22] NOTICE[25705][C-00000046] chan_sip.c: Call from '' (37.8.60.34:20464) to extension '0080972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:22] NOTICE[25705][C-00000047] chan_sip.c: Call from '' (37.8.60.34:20464) to extension '90080972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:23] NOTICE[25705][C-00000048] chan_sip.c: Call from '' (37.8.60.34:20376) to extension '80080972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:24] NOTICE[25705][C-00000049] chan_sip.c: Call from '' (37.8.60.34:29806) to extension '009972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:25] NOTICE[25705][C-0000004a] chan_sip.c: Call from '' (37.8.60.34:29806) to extension '9009972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:25] NOTICE[25705][C-0000004b] chan_sip.c: Call from '' (37.8.60.34:29815) to extension '99009972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:26] NOTICE[25705][C-0000004c] chan_sip.c: Call from '' (37.8.60.34:29816) to extension '8009972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:27] NOTICE[25705][C-0000004d] chan_sip.c: Call from '' (37.8.60.34:29811) to extension '88009972592646879' rejected because extension not found in context 'default'.
[Apr  6 16:14:27] NOTICE[25705][C-0000004e] chan_sip.c: Call from '' (37.8.60.34:29811) to extension '9001972592646879' rejected because extension not found in context 'default'.

Then just do what I told you earlier, and you won't need to worry about him hacking you.

TOP
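The log in the opening post shows one source retrying the same number under many dial prefixes within seconds. As an added example (not code from any post in this thread), the Python below parses chan_sip "extension not found" lines, groups them by source IP, and flags sources that show this pattern. The sample log, its addresses and numbers, the function names and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from os.path import commonprefix

# Constructed sample in the thread's log format; addresses and numbers are made up.
SAMPLE_LOG = """\
[Apr  6 16:14:11] NOTICE[25705][C-0000003d] chan_sip.c: Call from '' (192.0.2.10:20376) to extension '0015550100123' rejected because extension not found in context 'default'.
[Apr  6 16:14:12] NOTICE[25705][C-0000003e] chan_sip.c: Call from '' (192.0.2.10:28195) to extension '00015550100123' rejected because extension not found in context 'default'.
[Apr  6 16:14:18] NOTICE[25705][C-0000003f] chan_sip.c: Call from '' (192.0.2.10:20754) to extension '*0015550100123' rejected because extension not found in context 'default'.
[Apr  6 16:14:19] NOTICE[25705][C-00000040] chan_sip.c: Call from '' (192.0.2.10:29815) to extension '+0015550100123' rejected because extension not found in context 'default'.
[Apr  6 16:14:22] NOTICE[25705][C-00000041] chan_sip.c: Call from '' (192.0.2.10:20464) to extension '90015550100123' rejected because extension not found in context 'default'.
[Apr  6 16:14:23] NOTICE[25705][C-00000042] chan_sip.c: Call from '' (192.0.2.10:29815) to extension '+15550100123' rejected because extension not found in context 'default'.
[Apr  6 17:02:40] NOTICE[25705][C-00000043] chan_sip.c: Call from '' (198.51.100.7:5060) to extension '1234' rejected because extension not found in context 'default'.
"""

LINE_RE = re.compile(  # IPv4 sources only, as in the thread's log
    r"^\[(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)\] NOTICE\[[^\]]*\](?:\[[^\]]*\])? chan_sip\.c: "
    r"Call from '[^']*' \((?P<ip>[\d.]+):\d+\) to extension '(?P<ext>[^']*)' "
    r"rejected because extension not found in context")

def common_suffix(strings):
    """Longest suffix shared by all strings: the number behind the varying prefixes."""
    return commonprefix([s[::-1] for s in strings])[::-1]

def find_prefix_probes(log_text, min_attempts=4, window_s=120, min_suffix=7):
    """Return {ip: summary} for sources retrying one number under many dial prefixes."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # The log timestamp has no year; only differences between times are used.
            by_ip[m["ip"]].append((datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["ext"]))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        times = [t for t, _ in events]
        exts = sorted({e for _, e in events})
        # Burst: any run of min_attempts rejections that fits inside window_s seconds.
        burst = any((times[i + min_attempts - 1] - times[i]).total_seconds() <= window_s
                    for i in range(len(times) - min_attempts + 1))
        target = common_suffix(exts)
        if burst and len(exts) >= min_attempts and len(target) >= min_suffix:
            flagged[ip] = {"attempts": len(events), "target": target,
                           "prefixes": sorted(e[:len(e) - len(target)] for e in exts)}
    return flagged

if __name__ == "__main__":
    print(find_prefix_probes(SAMPLE_LOG))
```
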

Mine is a NAS; it runs on a Buffalo LinkStation Pro.

TOP

If the Asterisk is on a PC, there is no need to fear hacker attacks.

TOP

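I found some of the sources.

By the way, after the IP address changed, I saw no attacks for 2 days.
But at about 3:30 this afternoon I used iptel.org on my phone to call home, dialing 1234@xxxx.ddns.org,
and used linphone.org to call my 1234@xxxx.ddns.org.

Then, shortly after 5 o'clock, I started seeing attacks.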

TOP

My settings for RB (all my remote contacts have either fixed IPs or DDNS):
http://www.telecom-cafe.com/forum/viewthread.php?tid=4330

I think attacks are IP-based, not DDNS-based (in my own experience).
RB750G, RB2011UAS-2HnD
IP01, A580IP, AT-610

TOP

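Before going to bed last night, I switched off the broadband modem so that HKBN would give me a different IP address.
I want to see whether the intruder goes by IP address or by DDNS domain.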

TOP

Reply to 10# Qnewbie

What did you do in your RB?

TOP

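There seem to be quite a few cases like this lately...
Several of my Asterisk boxes seem to be seeing something similar...

But I believe that besides the password... the dialplan settings are also very important...
My dialplan only allows free calls to be dialed out...
(for example, calls to Hong Kong are 9+XXXXXXXX (8 digits, no more, no less))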

TOP

It is the main reason I replaced my router with an RB750G: to tackle the SIP registration attacks.
RB750G, RB2011UAS-2HnD
IP01, A580IP, AT-610

TOP

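I have been monitoring the Asterisk log continuously, and over these 3 days there have been constant intrusions.
Today was the worst: all day long, once every 2 hours, half an hour each time, with an intrusion every few seconds, from 8 in the morning until now.
So I have just shut down that Asterisk and the router port forward.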

TOP

This post was last edited by 浮雲1965 on 2013-4-9 18:38

With Elastix, it seems that editing sip.conf by hand is not recommended, so how should I add this?

[general]
alwaysauthreject=yes

Is it the same as this item under General Settings in Elastix:
Security Settings
Allow Anonymous Inbound SIP Calls:    NO

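Since my Elastix server is hosted in a data center,
can I add another network card to the Elastix server for an internal network, connect to that internal network with OpenVPN, and then manage the Elastix server from there?

Thanks!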

TOP

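Thanks. I have not opened ports 21/22 inbound on the router.
When I need access, I remotely power on my home computer with Wake-on-LAN, then VNC into that computer and telnet/ssh from there.
Also, port 8088 is not open to the outside either.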

TOP

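Reply to 5# SuiYan

Also, it is best not to open port 22 on the Linux system of your Asterisk server, because hackers will hack your Linux system. If your Linux root admin password is not complex enough or long enough, then once they have hacked your router, your Asterisk server is in deep trouble!

1) For example, for my port 22, I use the router in front to change it to another port, or block port 22 (done on the router), and then use a VPN to get into the system's network.
2) Linux root administration password: my root password, for instance, is 13 characters long.
3) Asterisk extension password: mine, for instance, is CCNNNNNN, two characters in front followed by six numerical digits.
4) Plus the things I told you about earlier.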

TOP

Thanks.

I changed it right away and strengthened the passwords.

TOP
