Warning for PBX users! PDF Print E-mail
Tuesday, 07 September 2010 14:05

Recently few clients reported that their PBXs have been hacked.

In case any of you were wondering why there has been a fairly notable upswing in the attacks happening on SIP endpoints,
the answer is “script kiddies.”  In the last few months, a number of new tools have made it easy for knuckle-draggers to attack
and defraud SIP endpoints including Asterisk-based systems as the one Switchvoice manufacture. 
There are easily-available tools that scan networks looking for SIP hosts, and then scan hosts looking for valid extensions,
and then scan valid extensions looking for passwords.


There are few simple things you may do to increase the security of your PBXs.

  1. Put your PBX behind router/firewall and open given port only if necessary.
  2. Use not trivial SIP/IAX user names and long difficult passwords. Never use user name and password being the same.
  3. Use the “permit=” and “deny=” lines in sip.conf to only allow a reasonable subset of IP addresses to reach each listed extension/user in your sip.conf file.
    As general practice always do this in case you need to connect to your PBX from outside of your local network and
    therefore you need to open SIP port 5060 on your router.
    This last option we plan to put in the GUI with the next release.
  4. You may consider changing the SSH password of your PBXs being more complex.

Please pay attention before you get hacked.
After all VOIP is to make the communication easier, more convenient and cheap.