
Thread: Hacker attempts

  1. #11

    Do you register the units to the Epygi server, or do you disable the registration process before it is connected to the internet for the first time?

    Kev

  2. #12
    Banned
    Join Date
    Jul 2006
    Location
    Dakabin
    Posts
    79

    They are disabled before the first connection.

    Mike

  3. #13

    Well this is interesting, so it must be just several random attackers performing port scanner attempts ..

    Ta,

    Kev

  4. #14

    I had similar attempts and even though they didn't get in, they flooded the WAN port with enough traffic to cause the PBX to stop registering anything...
    In the end we only allowed our ITSP address and my address for remote support, but it still kept trying to access the same IP address even though the router was dropping all packets.
    I had to change the fixed IP as a final measure to stop this from happening as even though the packets were being dropped they still persisted.

    Does anyone know the IP address range for Epygi's SIP server? I want to also allow this range.

  5. #15

    Hi Craig

    Use this utility... http://centralops.net/co/

    The IP address for sip.epygi.com is: 74.54.85.200

    At the risk of stating the obvious.. You will always get hack attempts so the FW/Router is your absolute best line of defence. Install the best router or dedicated Firewall that you can afford. Be very specific about allowed routes. Deny everything else.

    Murray

  6. #16
    Quadro Architect
    Join Date
    Jun 2006
    Location
    Around myself
    Posts
    2,075

    Kev, your idea of hackers using STUN requests to determine VoIP devices could be right... But surely there are other ways to find VoIP PBXes too...

    We get from time to time such reports about registration attacks. They happen in completely different countries, and from completely different IP addresses...

    Possible ways to protect yourself from such attacks are either to allow only specific hosts to contact Quadro (using either the "Allowed IP List" or a "SIP Access" rule) with the Quadro embedded firewall, or alternatively to use an external FW/router as CEC suggests.

    Epygi, from its side, will try to implement some kind of SIP-aware attack detection tools on Quadro, but though this can prevent attacks of the most common types, it is always possible that hackers will change their tactics and pass through those filters. Protection from attacks is a separate big challenge, and though we can implement some basic tools, it is better to rely on a separate dedicated device for that.

    Best regards,
    David

  7. #17

    Thanks Murray,

    Does Epygi use a range of IPs?

  8. #18
    Quadro Architect
    Join Date
    Jun 2006
    Location
    Around myself
    Posts
    2,075

    No range. Just one fixed IP.

  9. #19
    Banned
    Join Date
    Jul 2006
    Location
    Dakabin
    Posts
    79

    Still getting these guys.
    Hope the Epygi techs are focusing on security!
    Mind you, nothing has been successful on any of my Quadros yet, so well done Epygi techs. Don't ever stop. They are trying!!!!!!!!!!!!
    Latest attack was from 67.202.29.184:5075, usual random user name IP log-on rubbish.
    I believe the ip address will trace back to a WWII veteran who is bedridden with 67 great grandkids and their families who visited his computer over the holidays.
    Can't really blame him ROFL!!!!
    Kind regards and happy new year to you all.
    Mike
    www.peninsulatelephoneservices.com.au

  10. #20

    I just got attacked from 204.236.164.208 with this same thing... ie random names "trixbox, harry etc"@204.236.164.208 .. saw it in my system events log with "Rejected nothing configured etc"...

    We have a public IP being served to the epygi. The worrying thing is the only rules in the firewall are in "allowed sip access" and those are specific ip addresses of our VSP and a few remote extensions only... so this appeared to go through the firewall??

    I'm using firmware 5.1.19 configured as Static IP...
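
Added example, not part of the original thread and not Epygi code: a check for the situation described in post #20, where registration attempts show up in the event log from a source that is not on the SIP allow-list. The log line format, the allow-list entries and all addresses (documentation ranges) are constructed assumptions; adapt the regular expression to the real event log.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed allow-list standing in for the VSP/ITSP and remote-extension
# addresses the posters describe (documentation address ranges).
ALLOWED = [ip_network("192.0.2.10/32"), ip_network("198.51.100.0/28")]

# Constructed sample events; this line format is an assumption, not the
# Quadro's real system-events format.
SAMPLE_EVENTS = """\
2010-01-04 02:11:07 SIP REGISTER rejected user=trixbox src=203.0.113.77:5075
2010-01-04 02:11:08 SIP REGISTER rejected user=harry src=203.0.113.77:5075
2010-01-04 02:11:08 SIP REGISTER rejected user=admin src=203.0.113.77:5075
2010-01-04 02:11:09 SIP REGISTER rejected user=101 src=203.0.113.77:5075
2010-01-04 08:30:12 SIP REGISTER accepted user=201 src=198.51.100.5:5060
2010-01-04 08:31:40 SIP REGISTER rejected user=201 src=198.51.100.5:5060
2010-01-04 09:02:55 SIP REGISTER rejected user=guest src=203.0.113.9:5060
"""

EVENT_RE = re.compile(
    r"SIP REGISTER (?P<result>accepted|rejected) "
    r"user=(?P<user>\S+) src=(?P<ip>[0-9.]+):(?P<port>\d+)"
)

def is_allowed(ip):
    """True if ip falls inside any allow-list network."""
    addr = ip_address(ip)
    return any(addr in net for net in ALLOWED)

def analyse(log_text, min_users=3):
    """Return (leaks, scanners): sources outside the allow-list that still
    reached the PBX, and those that tried >= min_users distinct usernames."""
    seen = set()
    rejected_users = defaultdict(set)
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        seen.add(m["ip"])
        if m["result"] == "rejected":
            rejected_users[m["ip"]].add(m["user"])
    leaks = sorted(ip for ip in seen if not is_allowed(ip))
    scanners = sorted(ip for ip in leaks if len(rejected_users[ip]) >= min_users)
    return leaks, scanners

if __name__ == "__main__":
    leaks, scanners = analyse(SAMPLE_EVENTS)
    print("reached PBX despite allow-list:", leaks)
    print("username enumeration:", scanners)
```

Any address in the first list means the allow-list is not being enforced on the path those packets took, which is worth checking before tuning any rate limits.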
