@dr1 wrote:
Ok for starters the bottom entry is a connection to LDAP, which is normal. So target phasers elsewhere, lol.
Sounds to me, if anything happened, your asterisk machine was hacked.
…but i don’t have ldap enabled, nor have i – and on my other zeroshells this connection doesn’t exist. also – i had at least 30 of them simultaneously.
@LL0rd wrote:
I think, it’s more an asterisk problem than a ZeroShell
@atheling wrote:
“firewall chains as per defaults -> accept.”
That might be default to allow you into a new installation to configure it but the more general practice by firewall administrators is to have a default policy of reject and then specific rules to pass desired traffic.
definitely my weakness of implementation here. i set up port forwarding rules for specific ip addresses but this is clearly inadequate.
after watching and listening for some time with the nmap and connection tracking i observed port scans of the WANs from the same 24 subnet. spoofed ip, or compromised machine at my isp perhaps?
i have since added DROP rules to all NEW connections and created exceptions to the port fwding as required.
many thanks for your help and the lols 🙂
ieee
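
The change described in this post (chains left at the default ACCEPT, then a DROP for all NEW connections with exceptions for the port forwards) can be checked from a saved ruleset. The script below is an added example, not part of the original post and not ZeroShell's own tooling; the function names, the 192.0.2.10 address and the UDP 5060 forward are constructed for illustration.

```sh
# Added example (not from the thread). Reads `iptables-save` text on stdin and
# reports whether INPUT/FORWARD in the filter table refuse unmatched NEW traffic.
audit_ruleset() {
    awk '
    substr($0, 1, 1) == "*" { table = substr($0, 2); next }
    table != "filter" { next }
    /^:(INPUT|FORWARD) / { c = substr($1, 2); policy[c] = $2; order[++n] = c; next }
    /^-A / {
        rule = $0; sub(/^-A [^ ]+ */, "", rule)
        # Treat "-m state --state NEW -j DROP" like an unconditional "-j DROP".
        sub(/^-m (state --state|conntrack --ctstate) NEW */, "", rule)
        if (rule ~ /^-j (DROP|REJECT)/) catchall[$2] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            c = order[i]
            print c, ((policy[c] == "DROP" || (c in catchall)) ? "closed" : "open")
        }
    }'
}

# Constructed sample: default ACCEPT policies with one port-forward exception.
sample_before() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.0.2.10/32 -p udp -m udp --dport 5060 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same exception, then DROP for every other NEW connection.
sample_after() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p udp -m udp --dport 5060 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state NEW -j DROP
COMMIT
EOF
}

sample_before | audit_ruleset
sample_after | audit_ruleset
```

On a live box the input would be `iptables-save | audit_ruleset`. The check only looks for the presence of a catch-all DROP or REJECT, not its position, so the rule order still needs a manual read.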