Missed calls from "sip" "asterisk" hacked?

[jason559]

This started November 26 with just one IP:
113.105.152.102. It is now added these two: 66.117.50.225, 204.57.122.6. Late last night they hit my extension 10 times.

I have absolutely no idea what to do about this. My PSTN only allows local calls, but I do use Vitelity for LD, so they could make long distance calls from my box if they got in.

[wardmundy]

http://nerdvittles.com/index.php?p=580

[jason559]

I am using PBX in a flash, so step one says I already have IP tables. And directed me to these forums for help

[blakekrone]

We have seen those as well, but only on a couple of extensions and it isn't going through my Piaf serer, seems to be direct ip calls.

[MyKroFt]

use the ip filtering in the extension settings....

[Lost Trunk]

One suggestion I haven't seen mentioned much, but that I think would help, is if you have someone trying to get in from one or more particular IP address(es), add a line (or lines) that specifically blocks them to /etc/asterisk/sip_custom.conf - e.g.:

deny 113.105.152.102/255.255.255.255
deny 66.117.50.225/255.255.255.255
deny 204.57.122.6/255.255.255.255

If this works as I understand, any address you enter in this way should at least be permanently blocked for SIP access. I don''t know if similar lines in iax_additional.conf would block entry using that protocol, but if you don't have any IAX extensions, it's less of a concern anyway.

This isn't a substitute for any of the suggestions in Ward's post, just a possible bit of added protection.