[ILUG] Asterisk security
kevin.brennan at redsquared.com
Mon Nov 8 12:42:39 GMT 2010
As many of you may be Asterisk owners or maintainers I think this
mailing list is a good place to highlight the importance of making sure
security has been considered.
We have noticed an increase in compromised Asterisk systems lately
(on the positive side this is in part to do with increased popularity).
With installations on the 'up' it's expected that many less experienced
users will be installing without thinking about security. Unlike most
linux installs, a poorly installed Asterisk system can be an EXPENSIVE
The typical Asterisk attack is a port scan on 5060 followed by a brute
force registration attempts on extensions from 1000 to 1999. Often new
installers will test using 1000/test123, or similar, and forget all
Once compromised the hijacker will start auto-dialing a series of
international numbers which either generate revenue share (through the
many international offshore premium rate number suppliers) or you will
be helping a 'eastern' call shop get nice termination rates.
It's easy to run up a 5K bill over a weekend (I have seen it happen).
Here's a few tips to keeping your install safe
- change your sip port from default 5060 to something different, 5060 is
- make sure you have a correctly installed firewall/iptables
- don't use extensions that are easy to guess (like 1000 - scanners tend
to count from 0 to 9999)
- don't leave passwords like test123 or use dictionary words - min
random 8 letters is ok
- block all destinations, then open the ones you want to call
- monitor calls made on your asterisk system
- use completely separate dial-plans for incoming and outgoing trunks
- limit the channels your extension can call at once
If anyone wants to add some more ..please do.
More information about the ILUG