Asterisk security issue
Dear partners,
Because Asterisk-based solutions are widely used by a range of customers, and because of existing security issues with Asterisk, we kindly ask you to pay closer attention to those customers of yours.
These security issues can lead to big losses caused by "brute force" attacks and the generation of calls to extremely expensive destinations or premium numbers such as Austria Premium, Somalia, Ethiopia, Sierra Leone, etc. The calls happened at night, with unusually high ASR (close to 90%) and ACD (over 15 minutes).
Solutions are publicly known and described on the Asterisk website.
Please pay attention to the following chapters from http://www.asterisk.org/docs:
- Security
- Introduction
- Network Security
- Dial plan Security
- Log Security
We hope that this friendly reminder will keep your business wealthy.
Here is a situation that happened with our partner:
Late in the evening, a cheater authenticated as one of the registered Asterisk users and started sending traffic to an expensive destination, Sierra Leone Freetown. All the numbers are multichannel, with several connections at one time and call durations from 1 to 26 minutes.
When you call any of these numbers there is no RBT (ring back tone), the connection delay is 7-10 sec., and you hear only silence that is being charged.
Apparently these numbers are connected to equipment working as a FAS machine.
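The traffic profile described in this letter (night-time calls to expensive destinations with ASR close to 90% and ACD over 15 minutes) can be checked against call detail records. The following Python code is an added example, not part of the original letter or of Asterisk; the CSV layout, thresholds, night window, account codes and phone numbers are constructed assumptions, and timestamps are assumed to be local time.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Country codes of destinations named in the letter: Sierra Leone, Ethiopia, Somalia.
WATCHED_PREFIXES = ("232", "251", "252")
NIGHT_START, NIGHT_END = 22, 6          # assumed night window (local hours)
MIN_ASR, MIN_ACD_SEC = 0.85, 15 * 60    # "close to 90%" ASR, ACD "over 15 minutes"
MIN_ATTEMPTS = 5                        # assumed floor so small samples do not alert

# Constructed sample CDRs using a subset of Asterisk CDR field names; not real traffic.
SAMPLE_CDR = """accountcode,dst,start,billsec,disposition
1001,23200000001,2024-03-01 23:05:10,1560,ANSWERED
1001,23200000002,2024-03-01 23:05:40,1200,ANSWERED
1001,23200000001,2024-03-01 23:31:02,900,ANSWERED
1001,0023200000003,2024-03-02 00:10:15,1080,ANSWERED
1001,23200000002,2024-03-02 00:12:44,0,NO ANSWER
1001,23200000003,2024-03-02 01:20:00,1320,ANSWERED
1001,23200000001,2024-03-02 02:45:30,960,ANSWERED
1002,23200000004,2024-03-01 14:00:00,1500,ANSWERED
1003,25100000001,2024-03-01 23:15:00,95,ANSWERED
1003,25100000001,2024-03-01 23:40:00,0,BUSY
"""

def watched_prefix(dst):
    """Return the watched country code a dialled number starts with, else None."""
    digits = dst.lstrip("+")
    digits = digits[2:] if digits.startswith("00") else digits
    return next((p for p in WATCHED_PREFIXES if digits.startswith(p)), None)

def suspicious_accounts(cdr_text):
    """Map (accountcode, prefix) -> (attempts, ASR, ACD seconds) for flagged groups."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        hour = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S").hour
        prefix = watched_prefix(row["dst"])
        if prefix and (hour >= NIGHT_START or hour < NIGHT_END):
            groups[(row["accountcode"], prefix)].append(row)
    flagged = {}
    for key, rows in groups.items():
        answered = [int(r["billsec"]) for r in rows if r["disposition"] == "ANSWERED"]
        if len(rows) < MIN_ATTEMPTS or not answered:
            continue
        asr = len(answered) / len(rows)           # answer-seizure ratio
        acd = sum(answered) / len(answered)       # average call duration, seconds
        if asr >= MIN_ASR and acd > MIN_ACD_SEC:
            flagged[key] = (len(rows), round(asr, 2), round(acd))
    return flagged
```

Running `suspicious_accounts` on a rolling window of recent CDRs and alerting on any non-empty result lets an operator suspend the affected account before the night's traffic accumulates.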