And the scanning just keeps on coming
February 22, 2010
Posted by on
A Chinese based server has been very active latest days, and googling the IP addresses ( 126.96.36.199 and 188.8.131.52 ) tells me they have been scanning a long time.
One guy with an Asterisk got hit December 2009 and others back in November. Others starts debugging and asks what it is in public support forums. There will be even more of this scanning coming next months!
Some has added firewall rules like:
But this will not last long until some new IP addresses show up.
What to do about it?
Secure your IP PBX and don’t let port 5060 be open for everybody.
If you must, have very long and strong passwords on all extensions. (or use port knocking..)
Make sure that callers into your PBX is not allowed onto any Outbond context making you pay their calls…