
Asterisk hacked?

0

Good evening, esteemed Asterisk gurus! Please help me make sense of these logs:

OS: CentOS release 5.9 (Final)

Asterisk: Asterisk 11.4.0

Distribution: Elastix 2.4.0

sip_general_custom.conf

allowguest=no

srvlookup=yes

insecure=invite

language=ru

externip=91.241.4.29

localnet=X.X.X.X/255.255.0.0

videosupport=yes

disallow=all

allow=ulaw

allow=alaw

allow=g729

allow=h263

allow=h263p

allow=h264

sip_additional.conf

[6001]

deny=0.0.0.0/0.0.0.0

type=friend

secret=XXXXXXXXXXXXXXXXXXXX

qualify=yes

port=5060

pickupgroup=

permit=0.0.0.0/0.0.0.0

nat=yes

mailbox=6001@device

host=dynamic

dtmfmode=rfc2833

dial=SIP/6001

context=from-internal

canreinvite=no

callgroup=

callerid=device <6001>

callcounter=yes

faxdetect=no

I noticed the following in the logs:

[Jul 19 12:32:29] DEBUG[4878] acl.c: For destination '198.98.113.166', our source address is '91.241.4.29'.

[Jul 19 12:32:29] DEBUG[4878] chan_sip.c: Target address 198.98.113.166:5070 is not local, substituting externaddr

[Jul 19 12:32:29] DEBUG[4878] chan_sip.c: Setting SIP_TRANSPORT_UDP with address 91.241.4.29:5060

[Jul 19 12:32:29] DEBUG[4878] chan_sip.c: Allocating new SIP dialog for a53fb2ba4f2ab4dfef53808d1461a4f5 - INVITE (No RTP)

[Jul 19 12:32:29] DEBUG[4878][C-000001cb] chan_sip.c: Trying to put 'SIP/2.0 401' onto UDP socket destined for 198.98.113.166:5070

[Jul 19 12:32:30] DEBUG[4878][C-000001cb] chan_sip.c: Stopping retransmission on 'a53fb2ba4f2ab4dfef53808d1461a4f5' of Response 1: Match Found

[Jul 19 12:32:30] NOTICE[4878][C-000001cb] chan_sip.c: Failed to authenticate device 104<sip:104@91.241.4.29>;tag=ecb09914

[Jul 19 12:32:30] DEBUG[4878][C-000001cb] chan_sip.c: Trying to put 'SIP/2.0 403' onto UDP socket destined for 198.98.113.166:5070

[Jul 19 12:32:30] DEBUG[4878][C-000001cb] chan_sip.c: Stopping retransmission on 'a53fb2ba4f2ab4dfef53808d1461a4f5' of Response 2: Match Found

Here everything seems clear: he is trying to guess the password.... After a while the following appeared:

[Jul 19 15:54:33] DEBUG[4878] acl.c: For destination '198.98.113.166', our source address is '91.241.4.29'.

[Jul 19 15:54:33] DEBUG[4878] chan_sip.c: Target address 198.98.113.166:5071 is not local, substituting externaddr

[Jul 19 15:54:33] DEBUG[4878] chan_sip.c: Setting SIP_TRANSPORT_UDP with address 91.241.4.29:5060

[Jul 19 15:54:33] DEBUG[4878] chan_sip.c: Allocating new SIP dialog for 8ee25e2c5b26fddaa4b876632ef7fb0f - INVITE (No RTP)

[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Using engine 'asterisk' for RTP instance '0x2ade5c66f198'

[Jul 19 15:54:33] DEBUG[4878][C-00000208] res_rtp_asterisk.c: Allocated port 15168 for RTP instance '0x2ade5c66f198'

[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: RTP instance '0x2ade5c66f198' is setup and ready to go

[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Using engine 'asterisk' for RTP instance '0x2ade5c3659b8'

[Jul 19 15:54:33] DEBUG[4878][C-00000208] res_rtp_asterisk.c: Allocated port 18166 for RTP instance '0x2ade5c3659b8'

[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: RTP instance '0x2ade5c3659b8' is setup and ready to go

[Jul 19 15:54:33] DEBUG[4878][C-00000208] res_rtp_asterisk.c: Setup RTCP on RTP instance '0x2ade5c3659b8'

[Jul 19 15:54:33] VERBOSE[4878][C-00000208] netsock2.c: == Using SIP VIDEO TOS bits 136

[Jul 19 15:54:33] VERBOSE[4878][C-00000208] netsock2.c: == Using SIP VIDEO CoS mark 6

[Jul 19 15:54:33] DEBUG[4878][C-00000208] res_rtp_asterisk.c: Setup RTCP on RTP instance '0x2ade5c66f198'

[Jul 19 15:54:33] VERBOSE[4878][C-00000208] netsock2.c: == Using SIP RTP TOS bits 184

[Jul 19 15:54:33] VERBOSE[4878][C-00000208] netsock2.c: == Using SIP RTP CoS mark 5

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Setting NAT on RTP to On

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Setting NAT on VRTP to On

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing session-level SDP v=0... UNSUPPORTED OR FAILED.

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing session-level SDP o=sipcli-Session 1528307456 2045990749 IN IP4 198.98.113.166... OK.

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing session-level SDP s=sipcli... UNSUPPORTED OR FAILED.

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing session-level SDP c=IN IP4 198.98.113.166... OK.

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing session-level SDP t=0 0... UNSUPPORTED OR FAILED.

[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Setting payload 18 based on m type on 0x2ade5a276ac0

[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Setting payload 0 based on m type on 0x2ade5a276ac0

[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Setting payload 8 based on m type on 0x2ade5a276ac0

[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Setting payload 101 based on m type on 0x2ade5a276ac0

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=fmtp:101 0-15... UNSUPPORTED OR FAILED.

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=rtpmap:18 G729/8000... OK.

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=rtpmap:0 PCMU/8000... OK.

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=rtpmap:8 PCMA/8000... OK.

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=rtpmap:101 telephone-event/8000... OK.

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=ptime:20... OK.

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Processing media-level (audio) SDP a=sendrecv... OK.

[Jul 19 15:54:33] DEBUG[4878][C-00000208] res_rtp_asterisk.c: Setting RTCP address on RTP instance '0x2ade5c66f198'

[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Copying payload 0 from 0x2ade5a276ac0 to 0x2ade5c66f360

[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Copying payload 8 from 0x2ade5a276ac0 to 0x2ade5c66f360

[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Copying payload 18 from 0x2ade5a276ac0 to 0x2ade5c66f360

[Jul 19 15:54:33] DEBUG[4878][C-00000208] rtp_engine.c: Copying payload 101 from 0x2ade5a276ac0 to 0x2ade5c66f360

[Jul 19 15:54:33] DEBUG[4878][C-00000208] res_rtp_asterisk.c: Ignoring duplicate RTCP property on RTP instance '0x2ade5c66f198'

[Jul 19 15:54:33] DEBUG[4878][C-00000208] res_rtp_asterisk.c: Setting RTCP address on RTP instance '0x2ade5c3659b8'

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: We're settling with these formats: (ulaw|alaw|g729)

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Checking SIP call limits for device

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Updating call counter for incoming call

[Jul 19 15:54:33] DEBUG[4854] chan_sip.c: Checking device state for peer 6001

[Jul 19 15:54:33] DEBUG[4854] devicestate.c: Changing state for SIP/6001 - state 5 (Unavailable)

[Jul 19 15:54:33] DEBUG[4854] devicestate.c: device 'SIP/6001' state '5'

[Jul 19 15:54:33] DEBUG[4893] app_queue.c: Device 'SIP/6001' changed to state '5' (Unavailable) but we don't care because they're not a member of any queue.

[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:

Event: Newchannel

Privilege: call,all

Channel: SIP/6001-000000a5

ChannelState: 0

ChannelStateDesc: Down

CallerIDNum: 6001

CallerIDName: device

AccountCode:

Exten: 000972597637295

Context: from-internal

Uniqueid: 1374234873.179

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: * Our native formats are (ulaw)

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: * Joint capabilities are (ulaw|alaw|g729)

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: * Our capabilities are (ulaw|alaw|g729|h263|h263p|h264)

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: *** AST_CODEC_CHOOSE formats are ulaw

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: This channel can handle video! HOLLYWOOD next!

[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:

Event: VarSet

Privilege: dialplan,all

Channel: SIP/6001-000000a5

Variable: SIPURI

Value: sip:6001@198.98.113.166:5071

Uniqueid: 1374234873.179

[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:

Event: VarSet

Privilege: dialplan,all

Channel: SIP/6001-000000a5

Variable: SIPDOMAIN

Value: 91.241.4.29

Uniqueid: 1374234873.179

[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:

Event: VarSet

Privilege: dialplan,all

Channel: SIP/6001-000000a5

Variable: SIPCALLID

Value: 8ee25e2c5b26fddaa4b876632ef7fb0f

Uniqueid: 1374234873.179

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: build_route: Contact hop: <sip:6001@198.98.113.166:5071>

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: SIP/6001-000000a5: New call is still down.... Trying...

[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Trying to put 'SIP/2.0 100' onto UDP socket destined for 198.98.113.166:5071

[Jul 19 15:54:33] DEBUG[4854] chan_sip.c: Checking device state for peer 6001

[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:

Event: Newstate

Privilege: call,all

Channel: SIP/6001-000000a5

ChannelState: 4

ChannelStateDesc: Ring

CallerIDNum: 6001

CallerIDName: device

ConnectedLineNum:

ConnectedLineName:

Uniqueid: 1374234873.179

[Jul 19 15:54:33] DEBUG[4854] devicestate.c: Changing state for SIP/6001 - state 5 (Unavailable)

[Jul 19 15:54:33] DEBUG[4854] devicestate.c: device 'SIP/6001' state '5'

[Jul 19 15:54:33] DEBUG[4893] app_queue.c: Device 'SIP/6001' changed to state '5' (Unavailable) but we don't care because they're not a member of any queue.

[Jul 19 15:54:33] DEBUG[15689][C-00000208] pbx.c: Launching 'ResetCDR'

[Jul 19 15:54:33] VERBOSE[15689][C-00000208] pbx.c: -- Executing [000972597637295@from-internal:1] ResetCDR("SIP/6001-000000a5", "") in new stack

[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:

Event: Newexten

Privilege: dialplan,all

Channel: SIP/6001-000000a5

Context: from-internal

Extension: 000972597637295

Priority: 1

Application: ResetCDR

AppData:

Uniqueid: 1374234873.179

[Jul 19 15:54:33] DEBUG[15689][C-00000208] pbx.c: Launching 'NoCDR'

[Jul 19 15:54:33] VERBOSE[15689][C-00000208] pbx.c: -- Executing [000972597637295@from-internal:2] NoCDR("SIP/6001-000000a5", "") in new stack

[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:

Event: Newexten

Privilege: dialplan,all

Channel: SIP/6001-000000a5

Context: from-internal

Extension: 000972597637295

Priority: 2

Application: NoCDR

AppData:

Uniqueid: 1374234873.179

[Jul 19 15:54:33] DEBUG[15689][C-00000208] pbx.c: Launching 'Progress'

[Jul 19 15:54:33] VERBOSE[15689][C-00000208] pbx.c: -- Executing [000972597637295@from-internal:3] Progress("SIP/6001-000000a5", "") in new stack

[Jul 19 15:54:33] DEBUG[15689][C-00000208] chan_sip.c: Setting framing from config on incoming call

[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:

Event: Newexten

Privilege: dialplan,all

Channel: SIP/6001-000000a5

Context: from-internal

Extension: 000972597637295

Priority: 3

Application: Progress

AppData:

Uniqueid: 1374234873.179

[Jul 19 15:54:33] DEBUG[15689][C-00000208] chan_sip.c: ** Our capability: (ulaw|alaw|g729) Video flag: True Text flag: True

[Jul 19 15:54:33] DEBUG[15689][C-00000208] chan_sip.c: ** Our prefcodec: (nothing)

[Jul 19 15:54:33] DEBUG[15689][C-00000208] chan_sip.c: -- Done with adding codecs to SDP

[Jul 19 15:54:33] DEBUG[15689][C-00000208] chan_sip.c: Done building SDP. Settling with this capability: (ulaw|alaw|g729)

[Jul 19 15:54:33] DEBUG[15689][C-00000208] chan_sip.c: Trying to put 'SIP/2.0 183' onto UDP socket destined for 198.98.113.166:5071

[Jul 19 15:54:33] DEBUG[15689][C-00000208] pbx.c: Launching 'Wait'

[Jul 19 15:54:33] VERBOSE[15689][C-00000208] pbx.c: -- Executing [000972597637295@from-internal:4] Wait("SIP/6001-000000a5", "1") in new stack

[Jul 19 15:54:33] DEBUG[4932] manager.c: Examining event:

Event: Newexten

Privilege: dialplan,all

Channel: SIP/6001-000000a5

Context: from-internal

Extension: 000972597637295

Priority: 4

Application: Wait

AppData: 1

Uniqueid: 1374234873.179

[Jul 19 15:54:33] DEBUG[15689][C-00000208] channel.c: Set channel SIP/6001-000000a5 to write format slin

[Jul 19 15:54:33] DEBUG[15689][C-00000208] channel.c: Scheduling timer at (50 requested / 50 actual) timer ticks per second

[Jul 19 15:54:33] DEBUG[15689][C-00000208] channel.c: Prodding channel 'SIP/6001-000000a5'

[Jul 19 15:54:33] DEBUG[15689][C-00000208] res_rtp_asterisk.c: Received frame with no data for RTP instance '0x2ade5c66f198' so dropping frame

[Jul 19 15:54:33] DEBUG[15689][C-00000208] channel.c: Started silence generator on 'SIP/6001-000000a5'

[Jul 19 15:54:33] DEBUG[15689][C-00000208] res_rtp_asterisk.c: Ooh, format changed from unknown to ulaw

[Jul 19 15:54:33] DEBUG[15689][C-00000208] res_rtp_asterisk.c: Created smoother: format: ulaw ms: 20 len: 160

[Jul 19 15:54:33] DEBUG[15689][C-00000208] res_rtp_asterisk.c: Starting RTCP transmission on RTP instance '0x2ade5c66f198'

[Jul 19 15:54:34] DEBUG[15689][C-00000208] channel.c: Scheduling timer at (0 requested / 0 actual) timer ticks per second

[Jul 19 15:54:34] DEBUG[15689][C-00000208] channel.c: Stopped silence generator on 'SIP/6001-000000a5'

[Jul 19 15:54:34] DEBUG[15689][C-00000208] channel.c: Set channel SIP/6001-000000a5 to write format ulaw

[Jul 19 15:54:34] DEBUG[15689][C-00000208] pbx.c: Launching 'Progress'

[Jul 19 15:54:34] VERBOSE[15689][C-00000208] pbx.c: -- Executing [000972597637295@from-internal:5] Progress("SIP/6001-000000a5", "") in new stack

[Jul 19 15:54:34] DEBUG[4932] manager.c: Examining event:

Event: Newexten

Privilege: dialplan,all

Channel: SIP/6001-000000a5

Context: from-internal

Extension: 000972597637295

Priority: 5

Application: Progress

AppData:

Uniqueid: 1374234873.179

[Jul 19 15:54:34] DEBUG[15689][C-00000208] pbx.c: Launching 'Playback'

[Jul 19 15:54:34] VERBOSE[15689][C-00000208] pbx.c: -- Executing [000972597637295@from-internal:6] Playback("SIP/6001-000000a5", "silence/1&cannot-complete-as-dialed&check-number-dial-again,noanswer") in new stack

[Jul 19 15:54:34] DEBUG[4932] manager.c: Examining event:

Event: Newexten

Privilege: dialplan,all

Channel: SIP/6001-000000a5

Context: from-internal

Extension: 000972597637295

Priority: 6

Application: Playback

AppData: silence/1&cannot-complete-as-dialed&check-number-dial-again,noanswer

Uniqueid: 1374234873.179

So it turns out he was still able to place a call through the from-internal context of extension 6001? How is that possible? Extension 6001 was not even registered (+ a 20-character password)(!) Please tell me where to dig.

asked 2013-07-20 01:37:42 +0400

deni

Comments

Thanks for the answer. I don't like exposing Asterisk to the internet myself (incidentally, I published only SIP and RTP), but that is the business requirement: employees need to be able to connect to the IP PBX without any VPN. As for insecure, indeed, I don't need it as a global parameter, so I removed it. But if I'm not mistaken, the invite parameter does not require authentication of incoming INVITE messages, but in no way allows calling through Asterisk without authorization?

deni ( 2013-07-21 00:42:29 +0400 )

Oh yes, it can. Try it yourself: call from a softphone without registering, with the insecure=invite option enabled.

eyt5297 ( 2013-07-22 10:43:51 +0400 )

Yes, you are right, it is possible. I had not tried it; I read up on this parameter in more detail. Thank you all very much for the help!

deni ( 2013-07-23 15:50:43 +0400 )
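A defensive check for the pattern in the question's two log excerpts, added here as an example (not code from the thread): it groups log lines by their `[C-...]` call tag and reports calls that reached the dialplan although no 401/407 challenge was sent for them. It assumes the challenge and the dialplan lines of one call carry the same tag; the function name is hypothetical and the sample lines are constructed in the format shown above, with documentation-range IP addresses.

```python
import re
from collections import defaultdict

# Full-log prefix carrying a call tag, e.g.
# [Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: message
LINE = re.compile(r"^\[[^\]]+\]\s+\w+\[\d+\]\[(?P<call>C-[0-9a-f]+)\]\s+[\w.]+:\s+(?P<msg>.*)$")
RESPONSE = re.compile(r"Trying to put 'SIP/2\.0 (?P<code>\d{3})' onto UDP socket "
                      r"destined for (?P<ip>[\d.]+):\d+")
EXECUTING = re.compile(r"Executing \[(?P<exten>[^@\]]+)@(?P<context>[^:\]]+):\d+\]")

def unchallenged_calls(lines):
    """Return (call tag, remote IP, extension, context) for every call that
    executed dialplan although no 401/407 challenge was sent for it."""
    calls = defaultdict(lambda: {"codes": set(), "remote": None, "dialed": None})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # untagged lines (manager events, dialog allocation) are skipped
        call = calls[m["call"]]
        sent = RESPONSE.search(m["msg"])
        if sent:
            call["codes"].add(sent["code"])
            call["remote"] = sent["ip"]
        run = EXECUTING.search(m["msg"])
        if run and call["dialed"] is None:
            call["dialed"] = (run["exten"], run["context"])
    return [(tag, c["remote"], *c["dialed"])
            for tag, c in sorted(calls.items())
            if c["dialed"] and not c["codes"] & {"401", "407"}]

# Constructed sample in the format of the log above (documentation-range IPs).
SAMPLE_LOG = """\
[Jul 19 12:32:29] DEBUG[4878][C-000001cb] chan_sip.c: Trying to put 'SIP/2.0 401' onto UDP socket destined for 198.51.100.7:5070
[Jul 19 12:32:30] NOTICE[4878][C-000001cb] chan_sip.c: Failed to authenticate device 104<sip:104@192.0.2.10>;tag=example
[Jul 19 12:32:30] DEBUG[4878][C-000001cb] chan_sip.c: Trying to put 'SIP/2.0 403' onto UDP socket destined for 198.51.100.7:5070
[Jul 19 15:54:33] DEBUG[4878][C-00000208] chan_sip.c: Trying to put 'SIP/2.0 100' onto UDP socket destined for 198.51.100.7:5071
[Jul 19 15:54:33] VERBOSE[15689][C-00000208] pbx.c:     -- Executing [00015555550100@from-internal:1] ResetCDR("SIP/6001-000000a5", "") in new stack
[Jul 19 16:10:02] DEBUG[4878][C-00000300] chan_sip.c: Trying to put 'SIP/2.0 401' onto UDP socket destined for 192.0.2.55:5060
[Jul 19 16:10:02] VERBOSE[15701][C-00000300] pbx.c:     -- Executing [6002@from-internal:1] Macro("SIP/6003-000000a6", "exten-vm,novm,6002") in new stack
""".splitlines()

if __name__ == "__main__":
    for finding in unchallenged_calls(SAMPLE_LOG):
        print("no challenge before dialplan:", finding)
```

The check needs DEBUG and VERBOSE output in the log file, as in the excerpts above.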

1 Answer

0

Registration is not a prerequisite for making a call; it is needed so that Asterisk knows where the subscriber is. Not only did you commit a great folly by exposing Asterisk to the internet, you also set insecure=invite, i.e. you allowed everyone to call through your Asterisk without authorization. So there was no hack as such. If a couple of thousand bucks' worth of calls were made through you, that will be a good lesson.

answered 2013-07-20 09:15:59 +0400

switch
http://lynks.ru/
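An audit for the setting this answer points at, added here as an example (not code from the thread or from Asterisk): it reads sip.conf-style text and lists every peer whose effective `insecure` value contains `invite`, whether the value is the peer's own or inherited, and whether its ACL still accepts any source address. It assumes, as the answer describes, that a value in `[general]` applies to every peer that does not set its own; the function names and the sample configuration are constructed for illustration.

```python
def parse_sections(text):
    """Return {section: [(key, value), ...]}; option order is kept because ACL rules are ordered."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()            # ';' starts a comment
        if line.startswith("["):
            current = line.strip("[]")
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current].append((key.lower(), value))
    return sections

def last(options, key, default=None):
    values = [v for k, v in options if k == key]
    return values[-1] if values else default

def audit_insecure_invite(text):
    """Return (peer, context, origin, any_source_allowed) for peers that skip INVITE authentication."""
    sections = parse_sections(text)
    default = last(sections.pop("general", []), "insecure", "no")
    findings = []
    for name, options in sections.items():
        own = last(options, "insecure")
        tokens = (own if own is not None else default).lower().split(",")
        # Approximation: only catch-all permit/deny rules are looked at; the last one wins.
        acl = [k for k, v in options if k in ("permit", "deny") and v.startswith("0.0.0.0/0")]
        if "invite" in [t.strip() for t in tokens]:
            findings.append((name, last(options, "context", "default"),
                             "own" if own is not None else "inherited",
                             not acl or acl[-1] == "permit"))
    return findings

# Constructed sample: the global setting from the question plus two hypothetical peers.
SAMPLE_CONF = """\
[general]
insecure=invite          ; global default, as in the question
[6001]
deny=0.0.0.0/0.0.0.0
permit=0.0.0.0/0.0.0.0
context=from-internal
[6002]
insecure=no
[trunk-example]
insecure=port,invite
deny=0.0.0.0/0.0.0.0
permit=203.0.113.5/255.255.255.255
context=from-trunk
"""
```

Calling `audit_insecure_invite(SAMPLE_CONF)` reports 6001 as inheriting the global value with an ACL open to any address, and the trunk as setting it itself behind a restrictive ACL.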


Statistics

Asked: 2013-07-20 01:37:42 +0400

Viewed: 1,873 times

Updated: Jul 20 '13

A project of the company "ATS Design"
Asterisk® and Digium® are registered trademarks of Digium, Inc., USA.
The Asterisk IP PBX is distributed under the GNU GPL license.