[122102] in North American Network Operators' Group


RE: How common are wide open SIP gateways?

daemon@ATHENA.MIT.EDU (Drew Weaver)
Fri Feb 5 13:27:24 2010

From: Drew Weaver <drew.weaver@thenap.com>
To: 'David Birnbaum' <davidb@pins.net>, Brandon Ewing <nicotine@warningg.com>
Date: Fri, 5 Feb 2010 13:26:51 -0500
In-Reply-To: <alpine.GSO.1.10.1002051319540.22634@rarevos-pinsdev.pins.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Eventually I'll have to get around to setting up netflow so I can detect
the scanners before it becomes a problem =)

Just not a great deal of 'cohesiveness' with the current open source
netflow implementations, and then all of the different Cisco gear has
different caveats related to NF, so it's hard to use that as a good way to
detect this sort of thing, although I'm guessing it can't be too hard to
figure out which hosts are making a bunch of outbound connections to
random IPs on 5060 =)

-Drew

-----Original Message-----
From: David Birnbaum [mailto:davidb@pins.net]
Sent: Friday, February 05, 2010 1:22 PM
To: Brandon Ewing
Cc: nanog@nanog.org
Subject: Re: How common are wide open SIP gateways?

I should have prefaced that with "older installations" as well.  As far as we
can see, most of the newer packages have fixed the known truck-sized holes in
their default configurations, but given the lack of any formal framework for
testing this stuff, even the "big" switches have been found to have security
issues from time to time.

I have to admit I was surprised at the number of people I've run into over the
years who unpacked Asterisk, played with a few phones, and stuck themselves on
the Internet without any clear understanding of how exposed they are.

Cheers,

David.

-----

On Fri, 5 Feb 2010, Brandon Ewing wrote:

> On Fri, Feb 05, 2010 at 12:45:13PM -0500, David Birnbaum wrote:
>> We have noticed a lot of issues with Asterisk 1.2 and some 1.4 rollouts.
>> FreePBX had some truck-sized holes in it.
>>
>
> FreePBX 2.6.0 defaults to refusing anonymous SIP calls.  If you enable
> inbound anonymous calls, it includes only the "from-trunk" context, making
> it behave like a standard incoming over over a configured trunk.  If you've
> configured FreePBX to allow outgoing calls from the trunk context, you have
> larger problems in general.
>
> --
> Brandon Ewing                                        (nicotine@warningg.com)
>
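
Added example, not part of the thread or any poster's code: one way to find "hosts making a bunch of outbound connections to random IPs on 5060" from exported flow records. The CSV layout, the 60-second window, the 20-peer threshold and the sample flows (documentation address ranges) are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

SIP_PORT = 5060
WINDOW = 60       # seconds per counting bucket (assumed)
MAX_PEERS = 20    # distinct SIP peers per bucket before flagging (assumed)


def build_sample():
    """Constructed flow records (ts,src,dst,proto,dport); not real traffic."""
    rows = ["ts,src,dst,proto,dport"]
    # Host sweeping many different addresses on 5060.
    rows += [f"{1200 + i},192.0.2.10,198.51.100.{i + 1},udp,5060" for i in range(40)]
    # PBX talking repeatedly to the same two trunk peers.
    rows += [f"{1200 + i * 5},192.0.2.20,203.0.113.{1 + i % 2},udp,5060" for i in range(12)]
    # Unrelated web traffic to many hosts; must not be counted.
    rows += [f"{1200 + i},192.0.2.30,198.51.100.{i + 1},tcp,443" for i in range(40)]
    return "\n".join(rows)


def sip_fanout(flow_csv, window=WINDOW, max_peers=MAX_PEERS):
    """Return {src: (window_start, distinct_dst_count)} for sources over the limit."""
    peers = defaultdict(set)  # (src, window_start) -> set of destination IPs
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["dport"]) != SIP_PORT or row["proto"] not in ("udp", "tcp"):
            continue
        bucket = int(row["ts"]) // window * window
        peers[(row["src"], bucket)].add(row["dst"])
    flagged = {}
    for (src, bucket), dsts in peers.items():
        # Keep only the worst window per source.
        if len(dsts) > max_peers and len(dsts) > flagged.get(src, (0, 0))[1]:
            flagged[src] = (bucket, len(dsts))
    return flagged


if __name__ == "__main__":
    for src, (bucket, count) in sip_fanout(build_sample()).items():
        print(f"{src}: {count} distinct peers on {SIP_PORT} in window starting {bucket}")
```

Counting distinct destinations rather than flows is what separates a sweep from a busy PBX that exchanges many packets with a handful of trunk peers.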


