Skip to main content

Tags asterisk

How to identify Asterisk servers and upload MOSDEF on AsteriskNOW

Published on Feb 18, 2009 in ,

Originally posted this on EnableSecurity’s blog but cross posting since not everyone is subscribed. IAX2Scan and AsteriskNOW_Exec - security testing for Asterisk from Sandro Gauci on Vimeo.…

Read more »

OSSEC v1.5 now has builtin Asterisk rules

Published on May 2, 2008 in ,

A new OSSEC version has been released. Along with a number of updates, OSSEC now includes the Asterisk rules that were first published in my hakin9 article and then here. The rest of the updates are described in the Changelog. Grab it now.…

Read more »

Using OSSEC to detect attacks on an Asterisk box

Published on Mar 15, 2008 in , ,

This post is an echo on the previous post which describes how to configure snort to detect SIP attacks. This time we look at detecting attacks at the PBX’s end rather than by monitoring network traffic. OSSEC allows us to do just this - it is a host intrusion detection system that can do matching on log files and actively react to attack. By default OSSEC does not have support for Asterisk.…

Read more »

SIP, TLS and Asterisk 1.6

Published on Feb 8, 2008 in ,

Until a few weeks ago, to enable TLS support in Asterisk you had to apply patches to the source code. As of version 1.6, Asterisk will have native TLS support for SIP transport, making it one of the few IP PBX systems out there that support this security feature. Too many experts suggest encryption as a solution to the VoIP confidentiality issues, but in reality the number of PBX and IP phones that support is still very low and many times it is not a viable solution.…

Read more »