how to stop this hacker

Get help with installing, upgrading and running Asterisk.

Moderators: muppetmaster, Moderator, Support

how to stop this hacker

Postby striker24x7 » Mon Jun 18, 2012 12:05 am

hi
today morning someone from isreal hacked my asterisk server.
i have blocked his ip as well closed all the ports to my asterisk server in my router.
but still in my asterisk debug its showing the below sip traffic.

37.8.23.205 is the hackers ip and i dont know wat it is 4.4.4.4 , why retransmitting.
can anyone help me how to block it , as it is very crucial for me

Retransmitting #4 (NAT) to 37.8.23.205:5060:
OPTIONS sip:114@4.4.4.4:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.100:5060;branch=z9hG4bK0f6668b3;rport
Max-Forwards: 70
From: "Unknown" <sip:Unknown@192.168.1.100>;tag=as13f2046e
To: <sip:114@4.4.4.4:5060>
Contact: <sip:Unknown@192.168.1.100>
Call-ID: 0b161d654e2ac4721cb4a86137455930@192.168.8.200
CSeq: 102 OPTIONS
User-Agent: FPBX-2.8.1(1.6.2.13)
Date: Mon, 18 Jun 2012 05:44:44 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces, timer
Content-Length: 0
striker24x7
Newsterisk
 
Posts: 36
Joined: Wed Dec 29, 2010 3:07 am
Location: INDIA

Re: how to stop this hacker

Postby david55 » Mon Jun 18, 2012 12:49 am

You are attacking him.

This is the result of a qualify operation.

At a guess, they still have a live registration.

You do not have a valid NAT setup (you are transmitting a non-routable address as your contact and From address).

If this is a left over registration, you are using nat=yes in a context for which it was not intended, although some people suggest it as an anti-hacking measure, and it may even had been effective in this case (it causes the actual IP address and port, rather than those from the Contact header, to be used).
david55
Moves Like Spencer
 
Posts: 10375
Joined: Fri Sep 26, 2008 5:03 am


Return to Asterisk Support

Who is online

Users browsing this forum: karlkeppner, x20099 and 50 guests