Thanks Noway2 for the prompt reply.
Yes, we are not seeing any alerts from 66.xxx.xx.0/24 VLAN and we think these are complications because we are running Security Onion in a virtual environment.
We have now waited and we have not noticed any alerts, or other evidence, that our recent...
Today we tried to add a virtual ethernet device in Proxmox for vlan xxx and add IP address 66.xxx.xx.0/24 to the appropriate section in our snort config file (/etc/nsm/onion-eth0/snort.conf). This IP address corresponds to the new vlan we are attempting to make available to our Snort sensor for...
Hello All--
We have made some good progress...we have now installed Security Onion in a virtual environment, on our network. We are using Squert, Snorby, and Sguil to monitor events as they occur.
Our sensor appears to only be monitoring traffic on our private network (subnet)...
With regards to the suggestions to mitigate these attacks in the future...
My working knowledge of Snort is limited.
We would like to dedicate a server to Snort and configure Snort to monitor specific servers on our local network. Or, have Snort monitor IP address X on our LAN and monitor...
Thanks for the kind compliment.
One of our fixes is to stop deploying Elastix and go a different direction. However, we still need to follow the recommendations you have suggested in your reply. Thanks for the recommendations...now we just need to research our options and take the appropriate...
Five questions:
1) What version of Debian were you running and how up to date was it on the patches?
A: Correction, we are running CentOS 5.4 (Final). Kernel Linux 2.6.24-12 SMP 64bit
2) What version of Elastix were you running, and how up to date was it? Most importantly, are there known...
Thanks for the thorough reply.
I will try to address the questions that I can answer now.
Your recap list is accurate, but I would like to clarify number 3. The file, e.g., elastix.php, was created, not modified...this file was created in the /var/www/html/admin/ directory.
The attacker was using...
Hello All-- First time posting here.
I need some guidance with a security issue.
Here is a note I took at the time we noticed the attack:
The attack occurred on our client's virtual machine (Debian), which we host on site. This VM is running our client's PBX and it appears the attacker used...