Let’s be clear, we love Asterisk. If someone wants an easy to configure PBX, we send them that way, and indeed our own new non-technical staff have to build a service on Asterisk as part of their training.
We also love fail2ban. It is an extremely useful tool to auto-block failed logins and one of the essential components in securing your PBX.
However, in our numerous talks about VoIP Fraud over recent years we have repeatedly found that next only to apathy, the main problem is over-confidence. Where over-confident a common response is “We don’t need to worry about fraud because we run fail2ban.”
Well, we disagreed with that sentiment years ago but nothing is constant and the bad guys know how to evolve to defeat mainstream solutions. Certainly, if one was to poll PBX models Asterisk would top it and similarly fail2ban would be a mainstay of the methods used in securing it. That sounds like rich pickings are to be had in working around it to me.
We’re just putting the finishing touches to our 2016 VoIP Fraud Analysis which will be available in the New Year but we wanted to put you on notice: it reveals marked changes in fraudster behaviour and shows an increased exploit of a feature of Asterisk that enables key stages of an attack to sail right by fail2ban un-logged and likely un-noticed. Other stages have also evolved to work with tools such as this.
If you rely heavily on this, now might be the time to consider additional protections.
Our paper will be available soon…