Fwd: [App_rpt-users] Asterisk Manager hack attempts
4 views
Skip to first unread message
Bob Brown - WØNQX
Dec 8, 2013, 6:41:15 PM12/8/13
to BYRG IT GROUP, R & D
--
Thanks in Advance
Bob Brown, WØNQX
Kansas City Metro Area
Thanks in Advance
Bob Brown, WØNQX
Kansas City Metro Area
---------- Forwarded message ----------
From: Jim Duuuude <teles...@hotmail.com>
Date: Sun, Dec 8, 2013 at 3:28 PM
Subject: [App_rpt-users] Asterisk Manager hack attempts
To: app_rpt mailing list <app_rp...@ohnosec.org>
_______________________________________________
App_rpt-users mailing list
App_rp...@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
From: Jim Duuuude <teles...@hotmail.com>
Date: Sun, Dec 8, 2013 at 3:28 PM
Subject: [App_rpt-users] Asterisk Manager hack attempts
To: app_rpt mailing list <app_rp...@ohnosec.org>
This morning, I saw a bunch of these on my asterisk log:
[Dec 8 02:03:52] NOTICE[13322]: manager.c:1034 authenticate: 77.79.83.154 failed to authenticate as 'admin'
It would appear that someone is scanning for open Asterisk Manager ports.
As distributed, our "stuff" (ACID, Limey Linux, Pickle, etc) has the configuration file
for the Asterisk manager configured in a way that does not allow external access
(local interface only). However, those of you who are running things (such as Allmon)
that use the Asterisk Manager should be EXTRA careful that you CHANGE THE PASSWORD
from the normal default one provided in the configuration file(s), and that there is
one and only one user defined in the file (unless, of course, you have a good reason
for having more then one, and you "know what you are doing").
Jim WB6NIL
[Dec 8 02:03:52] NOTICE[13322]: manager.c:1034 authenticate: 77.79.83.154 failed to authenticate as 'admin'
It would appear that someone is scanning for open Asterisk Manager ports.
As distributed, our "stuff" (ACID, Limey Linux, Pickle, etc) has the configuration file
for the Asterisk manager configured in a way that does not allow external access
(local interface only). However, those of you who are running things (such as Allmon)
that use the Asterisk Manager should be EXTRA careful that you CHANGE THE PASSWORD
from the normal default one provided in the configuration file(s), and that there is
one and only one user defined in the file (unless, of course, you have a good reason
for having more then one, and you "know what you are doing").
Jim WB6NIL
_______________________________________________
App_rpt-users mailing list
App_rp...@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
Reply all
Reply to author
Forward
0 new messages