And the VoIP scans just keep on coming
January 16, 2010
Mark Waters had his Asterisk server scanned for extensions with no password or an easily guessed one. Mark writes: “I have now set allowguest=no in /etc/asterisk/sip.conf and will monitor how this affects regular incoming calls and also the next ‘attack’”
If he really needs his Asterisk available on port 5060, he could use SSH tunneling for the SIP signalling or a port knocking method to open port 5060 from his current IP when needed.
Will check what he does on the next attack.
Have you checked your logs lately?
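One way to run that log check, as an added example that is not part of the original post: it groups failed SIP registrations by source IP and separates extension scans from password guessing. The log line format (chan_sip NOTICE style), the thresholds and the function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the style of chan_sip NOTICE lines (assumed format,
# IPv4 only); the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
[2010-01-16 03:12:01] NOTICE[2301] chan_sip.c: Registration from '"100" <sip:100@192.0.2.1>' failed for '203.0.113.45' - No matching peer found
[2010-01-16 03:12:01] NOTICE[2301] chan_sip.c: Registration from '"101" <sip:101@192.0.2.1>' failed for '203.0.113.45' - No matching peer found
[2010-01-16 03:12:02] NOTICE[2301] chan_sip.c: Registration from '"102" <sip:102@192.0.2.1>' failed for '203.0.113.45' - No matching peer found
[2010-01-16 03:12:02] NOTICE[2301] chan_sip.c: Registration from '"103" <sip:103@192.0.2.1>' failed for '203.0.113.45' - Wrong password
[2010-01-16 04:40:10] NOTICE[2301] chan_sip.c: Registration from '<sip:200@192.0.2.1>' failed for '198.51.100.23' - Wrong password
[2010-01-16 04:40:11] NOTICE[2301] chan_sip.c: Registration from '<sip:200@192.0.2.1>' failed for '198.51.100.23' - Wrong password
[2010-01-16 04:40:12] NOTICE[2301] chan_sip.c: Registration from '<sip:200@192.0.2.1>' failed for '198.51.100.23:5060' - Wrong password
[2010-01-16 09:05:44] NOTICE[2301] chan_sip.c: Registration from '<sip:300@192.0.2.1>' failed for '192.0.2.77' - Wrong password
[2010-01-16 09:06:00] VERBOSE[2301] logger.c: unrelated line
"""

# Optional display name, then the extension; the source IP may carry a :port.
FAILED_REG = re.compile(
    r"Registration from '(?:\"[^\"]*\" ?)?<sip:(?P<ext>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)"
)

def summarize(lines):
    """Collect, per source IP, the extensions tried and the failure counts."""
    stats = defaultdict(lambda: {"extensions": set(), "failures": 0, "wrong_password": 0})
    for line in lines:
        m = FAILED_REG.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        s["extensions"].add(m["ext"])
        s["failures"] += 1
        s["wrong_password"] += int("Wrong password" in m["reason"])
    return stats

def classify(stats, min_extensions=3, min_guesses=3):
    """Flag IPs that tried many extensions or repeatedly failed a password."""
    findings = {}
    for ip, s in stats.items():
        if len(s["extensions"]) >= min_extensions:
            findings[ip] = "extension scan"
        elif s["wrong_password"] >= min_guesses:
            findings[ip] = "password guessing"
    return findings

if __name__ == "__main__":
    for ip, kind in classify(summarize(SAMPLE_LOG.splitlines())).items():
        print(ip, kind)
```

A single failed registration, such as the one from 192.0.2.77 in the sample, stays below both thresholds and is not flagged.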