Ok for starters the bottom entry is a connection to LDAP, which is normal. So target phasers elsewhere, lol.
Sounds to me, if anything happened, your Asterisk machine was hacked.
…but I don’t have LDAP enabled, nor have I – and on my other ZeroShells this connection doesn’t exist. Also – I had at least 30 of them simultaneously.
I think it’s more an Asterisk problem than a ZeroShell one.
“firewall chains as per defaults -> accept.”
That might be the default to allow you into a new installation to configure it, but the more general practice by firewall administrators is to have a default policy of reject and then specific rules to pass desired traffic.
Definitely my weakness of implementation here. I set up port forwarding rules for specific IP addresses but this is clearly inadequate.
After watching and listening for some time with nmap and connection tracking, I observed port scans of the WANs from the same 24 subnet. Spoofed IP, or compromised machine at my ISP perhaps?
I have since added DROP rules to all NEW connections and created exceptions to the port forwarding as required.
many thanks for your help and the lols 🙂
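
The default-deny policy with per-forward exceptions discussed in this thread, as an added example (generic iptables, not any poster's rules and not ZeroShell's own configuration). Interface names, addresses, ports and the `proto:wan_port:allowed_src:internal_ip:internal_port` spec format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print a default-deny iptables-restore ruleset for a NAT gateway.
# Interface names and every address below are constructed placeholders.
WAN_IF="${WAN_IF:-eth1}"
LAN_IF="${LAN_IF:-eth0}"

# emit_rule TABLE SPEC
# SPEC (hypothetical format, IPv4 only): proto:wan_port:allowed_src:internal_ip:internal_port
emit_rule() {
    IFS=: read -r proto wport src dst dport <<EOF
$2
EOF
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    for n in "$wport" "$dport"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ -n "$src" ] && [ -n "$dst" ] || return 1
    if [ "$1" = nat ]; then
        echo "-A PREROUTING -i $WAN_IF -p $proto -s $src --dport $wport -j DNAT --to-destination $dst:$dport"
    else
        # Only NEW connections from the allowed source may open the forward.
        echo "-A FORWARD -i $WAN_IF -p $proto -s $src -d $dst --dport $dport -m conntrack --ctstate NEW -j ACCEPT"
    fi
}

gen_ruleset() {
    # Validate every spec first so a bad entry never yields a partial ruleset.
    for spec in "$@"; do emit_rule nat "$spec" >/dev/null || return 1; done
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    for spec in "$@"; do emit_rule nat "$spec"; done
    echo "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default policy: drop, not accept
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -i $LAN_IF -j ACCEPT"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    for spec in "$@"; do emit_rule filter "$spec"; done
    echo "COMMIT"
}

# Constructed sample: SIP from one provider range to an internal PBX.
gen_ruleset "udp:5060:203.0.113.0/24:192.168.1.10:5060"
```

The output can be checked with `iptables-restore --test` before it is loaded; anything arriving on the WAN side that matches no exception falls through to the DROP policy.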