Reply To: my zeroshell compromised [hacked]



@dr1 wrote:

Ok for starters the bottom entry is a connection to LDAP, which is normal. So target phasers elsewhere, lol.
Sounds to me, if anything happened, your asterisk machine was hacked.

…but i don't have ldap enabled, nor have i – and on my other zeroshell's this connection doesn't exist. also – i had at least 30 of them simultaneously.

@LL0rd wrote:

I think, it’s more an asterisk problem than a ZeroShell

@atheling wrote:

“firewall chains as per defaults -> accept.”

That might be default to allow you into a new installation to configure it but the more general practice by firewall administrators is to have a default policy of reject and then specific rules to pass desired traffic.

definitely my weakness of implementation here. i set up port forwarding rules for specific ip addresses but this is clearly inadequate.

after watching and listening for some time with the nmap and connection tracking i observed port scans of the WANs from the same 24 subnet. spoofed ip, or compromised machine at my isp perhaps?

i have since added DROP rules to all NEW connections and created exceptions to the port fwding as required.

many thanks for your help and the lols 🙂
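
The check described in the post above (watching connection tracking for probes of the WAN from one subnet) can be done mechanically. This is an added example, not part of the original post: it groups `conntrack -L`-style entries by source /24 and reports subnets that touched many distinct WAN ports. The sample lines, addresses, function names and threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the style of `conntrack -L` output. All addresses are
# documentation ranges (RFC 5737) plus a private LAN, not data from the thread.
SAMPLE_CONNTRACK = """\
tcp 6 58 SYN_SENT src=203.0.113.14 dst=198.51.100.2 sport=40112 dport=22 [UNREPLIED] src=198.51.100.2 dst=203.0.113.14 sport=22 dport=40112 use=1
tcp 6 57 SYN_SENT src=203.0.113.14 dst=198.51.100.2 sport=40113 dport=23 [UNREPLIED] src=198.51.100.2 dst=203.0.113.14 sport=23 dport=40113 use=1
tcp 6 57 SYN_SENT src=203.0.113.77 dst=198.51.100.2 sport=51200 dport=80 [UNREPLIED] src=198.51.100.2 dst=203.0.113.77 sport=80 dport=51200 use=1
udp 17 12 src=203.0.113.77 dst=198.51.100.2 sport=5071 dport=5060 [UNREPLIED] src=198.51.100.2 dst=203.0.113.77 sport=5060 dport=5071 use=1
tcp 6 56 SYN_SENT src=203.0.113.14 dst=198.51.100.2 sport=40114 dport=8080 [UNREPLIED] src=198.51.100.2 dst=203.0.113.14 sport=8080 dport=40114 use=1
udp 17 170 src=192.0.2.50 dst=198.51.100.2 sport=5060 dport=5060 src=10.0.0.9 dst=192.0.2.50 sport=5060 dport=5060 [ASSURED] use=1
tcp 6 431990 ESTABLISHED src=10.0.0.5 dst=192.0.2.50 sport=49152 dport=443 src=192.0.2.50 dst=198.51.100.2 sport=443 dport=49152 [ASSURED] use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def original_tuple(line):
    """Return (src, dst, dport) of the original direction, or None."""
    seen = {}
    for key, value in FIELD.findall(line):
        seen.setdefault(key, value)  # first occurrence is the original direction
    if not {"src", "dst", "dport"} <= seen.keys():
        return None  # blank lines or protocols without ports (e.g. ICMP)
    return seen["src"], seen["dst"], int(seen["dport"])

def scanning_subnets(text, wan_addrs, min_ports=4, prefix=24):
    """Map source subnet -> sorted distinct WAN ports it touched, if >= min_ports."""
    ports = defaultdict(set)
    for line in text.splitlines():
        parsed = original_tuple(line)
        if parsed is None:
            continue
        src, dst, dport = parsed
        if dst not in wan_addrs:
            continue  # only count connections aimed at the WAN addresses
        net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
        ports[str(net)].add(dport)
    return {net: sorted(p) for net, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for net, hit in scanning_subnets(SAMPLE_CONNTRACK, {"198.51.100.2"}).items():
        print(f"{net} probed WAN ports {hit}")
```

Entries marked `[UNREPLIED]` under a default-DROP policy for NEW connections still appear in connection tracking briefly, so the same grouping keeps working after the rules are tightened.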