
[Callweaver-users] Brute force hacking tentative


 
hgp at plomac.com
Posted: Thu Jul 29, 2010 2:09 pm    Post subject: [Callweaver-users] Brute force hacking tentative

Hello,

While checking the message log from CallWeaver, I noticed about 250 000
registration failures from hackers.

They usually try to register extensions from 0 to 9999 and a list of
common names and departments.
Once they have found valid extensions, they try the brute-force password method.
They send more or less 35 requests per second.

Best regards,
Harold

These IPs have done extension guessing:

These IPs have done extension guessing and password brute force:
174.36.237.83
88.103.219.182

A typical attack looks like this:
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"operator"<sip:operator@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"asterisk"<sip:asterisk@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"122"<sip:122@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"123"<sip:123@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"oracle"<sip:oracle@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"temp"<sip:temp@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"124"<sip:124@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"125"<sip:125@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"jobs"<sip:jobs@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"shop"<sip:shop@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"126"<sip:126@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"127"<sip:127@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"help"<sip:help@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"128"<sip:128@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"orders"<sip:orders@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"129"<sip:129@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"aaron"<sip:aaron@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"steve"<sip:steve@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"130"<sip:130@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"131"<sip:131@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"dave"<sip:dave@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:03 NOTICE[27106] chan_sip.c: Registration from '"paul"<sip:paul@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch

and:
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"393"<sip:393@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"394"<sip:394@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"395"<sip:395@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"396"<sip:396@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"397"<sip:397@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"398"<sip:398@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"399"<sip:399@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"400"<sip:400@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"401"<sip:401@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"402"<sip:402@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"403"<sip:403@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"404"<sip:404@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"405"<sip:405@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"406"<sip:406@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"407"<sip:407@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch
Feb 23 21:12:06 NOTICE[27106] chan_sip.c: Registration from '"408"<sip:408@85.27.12.150>' failed for '208.94.244.75' - Username/auth name mismatch

Brute force:
Apr 29 08:33:18 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:18 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:18 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:18 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:18 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:18 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password
Apr 29 08:33:19 NOTICE[257] chan_sip.c: Registration from '"10" <sip:10@192.168.1.98>' failed for '174.36.237.83' - Wrong password

_______________________________________________
Callweaver-users mailing list
Callweaver-users@callweaver.org
http://lists.callweaver.org/mailman/listinfo/callweaver-users
dieter at megs.co.za
Posted: Fri Jul 30, 2010 2:40 am    Post subject: [Callweaver-users] Brute force hacking tentative

Fail2ban (www.fail2ban.org) works fine with Callweaver.
It is also open-source.
Brute-force attacks are no longer as effective when using this.

Best regards,
Dieter Smith
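
Added example, not part of any post in this thread and not CallWeaver or Fail2ban code: a Python parser for the chan_sip NOTICE lines quoted above that applies a Fail2ban-style failure threshold per source IP and separates the extension-guessing phase from the password brute-force phase. The function names, the thresholds (`max_retry=5` within a 10-minute `find_time`, named after Fail2ban's `maxretry` and `findtime`) and the sample lines with documentation-range IPs are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Matches the chan_sip NOTICE lines quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '\"?(?P<user>[^\"<]*)\"?\s*<sip:[^>]*>' "
    r"failed for '(?P<ip>[\d.]+)' - (?P<reason>.+)$")

def parse(line, year=2010):
    """Return (timestamp, user, ip, reason), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"], m["reason"]

def classify(lines, max_retry=5, find_time=timedelta(minutes=10)):
    """Per source IP: a fail2ban-style ban decision plus the phase observed."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        events[rec[2]].append(rec)
    report = {}
    for ip, recs in events.items():
        times = sorted(r[0] for r in recs)
        # Ban when any find_time window holds at least max_retry failures.
        ban = any(times[i + max_retry - 1] - times[i] <= find_time
                  for i in range(len(times) - max_retry + 1))
        # Many distinct names with the mismatch reason: extension guessing as in the thread.
        guessed = {r[1] for r in recs if "mismatch" in r[3]}
        # Repeated wrong passwords for one name: that extension is being brute-forced.
        wrong = Counter(r[1] for r in recs if r[3] == "Wrong password")
        report[ip] = {
            "ban": ban,
            "extension_guess": len(guessed) >= max_retry,
            "password_brute_force": sorted(u for u, n in wrong.items() if n >= max_retry),
        }
    return report

def sample():
    """Constructed log lines in the thread's format, using documentation IPs."""
    fmt = ("Feb 23 21:12:{s:02d} NOTICE[27106] chan_sip.c: Registration from "
           "'\"{u}\"<sip:{u}@192.0.2.10>' failed for '{ip}' - {why}")
    guess = [fmt.format(s=3, u=u, ip="198.51.100.7", why="Username/auth name mismatch")
             for u in ("operator", "122", "123", "oracle", "temp", "124")]
    brute = [fmt.format(s=6 + i // 4, u="10", ip="203.0.113.9", why="Wrong password")
             for i in range(8)]
    quiet = [fmt.format(s=9, u="20", ip="198.51.100.50", why="Wrong password")]
    return guess + brute + quiet
```

`classify(sample())` flags the first two constructed sources for a ban and leaves the single failed login alone; an extension listed under `password_brute_force` is one whose password is worth rotating.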

edu at syp2u4c.com
Posted: Fri Jul 30, 2010 1:28 pm    Post subject: [Callweaver-users] Brute force hacking tentative

I definitely think if it had a GUI like FreePBX and were packaged
properly it would be more alive, or rather alive. The way I understand
from users, it has fewer bugs than Asterisk.
Hershel

Dieter Smith wrote:
Quote:
Fail2ban (www.fail2ban.org) works fine with Callweaver.
It is also open-source.
Brute-force attacks are no longer as effective when using this.

Best regards,
Dieter Smith
