Asterisk defense or the Cuban epidemic

    Recently a large wave of Asterisk hacks has begun, after which call traffic to Cuba is routed through the compromised servers.
    Since a call to Cuba costs on average from $1 per minute, this can lead to sad consequences (in 17 hours the balance on one of the trunks dropped to -$8000).
    The scheme works like this:
    1. An Asterisk server is found on the network.
    2. Its list of peers is enumerated.
    3. The peers' passwords are guessed.
    4. The account is added to a system that cycles through trunks when placing a call.
    5. A lot of Cubans are calling through this system.


    If you buy access to such a system and make a call, you can tell from the delay before the ringing tone that a huge number of hacked Asterisk servers are involved in this scheme.

    Peer enumeration


    Peers are enumerated with the method implemented in Sipvicious: extensions are probed one by one and the Asterisk response is analyzed. For example:

    ./svwar.py sip.somewhere
    | Extension | Authentication |
    -------------------------------
    | 607 | reqauth |
    | 606 | reqauth |
    | 601 | reqauth |
    | 600 | reqauth |
    | 300 | reqauth |
    | 900 | reqauth |
    | 100 | reqauth |

    To counter this, enable the alwaysauthreject directive in sip.conf, which makes Asterisk reply 401 Unauthorized to any authorization error, so existing and non-existing extensions can no longer be told apart. After that, the same server answers a scan attempt with 401 and the utility gives an error:

    ./svwar.py sip.somewhere
    ERROR:TakeASip:SIP server replied with an authentication request for an unknown extension. Set --force to force a scan.
    WARNING:root:found nothing

    Cuban problem


    If your subscribers are not going to call Cuba, then that destination must be closed in extensions.conf. For example:

    ;cuba
    exten => _53.,1,Answer()
    exten => _53.,n,PlayBack(vm-goodbye)
    exten => _53.,n,Hangup()
    ;somali
    exten => _252.,1,Answer()
    exten => _252.,n,PlayBack(vm-goodbye)
    exten => _252.,n,Hangup()

    You can of course just do Hangup right away, but answering the call as shown above means our server has to be disconnected from the automated system manually, which is good news.

    P.S. To check that you have correctly set up the rejection of calls to Cuba, you can try to call +53997970. This is a military base and there is always an answering machine.
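
    An added example, not part of the original post: a Python check that translates Asterisk extension patterns into regular expressions and reports which dialed forms of the test number the `_53.` and `_252.` rules above actually catch. The dialing prefixes in the sample list are assumptions about what a client or trunk might send; replace them with the forms your own contexts receive.

```python
import re

# Block rules copied from the extensions.conf fragment above.
BLOCK_PATTERNS = ["_53.", "_252."]

# Constructed sample: the page's test number in several dialed forms. The
# prefixes (+, 00, 011, 810) are assumptions, not taken from the page.
SAMPLES = ["53997970", "+53997970", "0053997970", "01153997970",
           "81053997970", "252123456", "5312"]


def pattern_to_regex(pattern):
    """Translate an Asterisk extension pattern into a compiled regex."""
    if not pattern.startswith("_"):
        # Without the leading underscore the extension is a literal string.
        return re.compile(re.escape(pattern) + r"\Z")
    classes = {"X": "[0-9]", "Z": "[1-9]", "N": "[2-9]"}
    out, i, body = [], 0, pattern[1:]
    while i < len(body):
        ch = body[i]
        if ch == "[":                  # character set such as [13-5]
            end = body.index("]", i)
            out.append("[" + body[i + 1:end] + "]")
            i = end
        elif ch == ".":                # one or more of any character
            out.append(".+")
        elif ch == "!":                # zero or more of any character
            out.append(".*")
        else:                          # X/Z/N class or a literal character
            out.append(classes.get(ch.upper(), re.escape(ch)))
        i += 1
    return re.compile("".join(out) + r"\Z")


def blocked_by(dialed, patterns=BLOCK_PATTERNS):
    """Return the first block pattern matching the dialed string, or None."""
    for p in patterns:
        if pattern_to_regex(p).match(dialed):
            return p
    return None


def uncovered(samples=SAMPLES):
    """Dialed forms that fall through every block rule."""
    return [n for n in samples if blocked_by(n) is None]


if __name__ == "__main__":
    for n in SAMPLES:
        print(f"{n:>14}  ->  {blocked_by(n) or 'NOT BLOCKED'}")
```

    Any form listed by uncovered() needs its own exten rule, or the prefix must be stripped before the call reaches the context that holds the block rules.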



