I wanted to raise awareness from an experience I had yesterday. I am running the vanilla, up-to-date FreePBX distro on my phone server. Our network became inexplicably unreliable, with connections dropping out and all SSL ports not working properly. I switched my router, and that worked for about 20 minutes, then the same thing happened.
Long story short, it turned out the phone server had over 2,000 active connections through Postfix (the SMTP port) from various US college IP addresses. I can only guess they were using the machine to send massive amounts of spam.
Because I do not use any mail functions for this setup, I quickly yum-removed Postfix, and the number of connections reported by netstat dropped to about 10.
I wanted to bring this to everyone’s attention. I do not consider myself a security expert but I would guess neither do many other people using a pre-built software package.
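The check the original poster did by eye with netstat, written out as a script (an added example, not code from the thread or from the FreePBX project). It groups established TCP connections by local port and by peer address, counts distinct peers on one port, and lists sockets bound to all interfaces. It assumes `ss -tan` column layout (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port); the sample output below is constructed from RFC 5737 documentation addresses, not captured from a real box.

```shell
#!/bin/sh
# Added example (not from the forum thread): triage of active TCP connections,
# the netstat check from the original post as a repeatable script.
# Assumed input format: `ss -tan`, columns
#   State Recv-Q Send-Q Local Address:Port Peer Address:Port
# Run `sh pbx-conns.sh --live` on a real host; offline it uses SAMPLE.

# Constructed sample `ss -tan` output using RFC 5737 documentation addresses.
SAMPLE='State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN   0      100    0.0.0.0:25          0.0.0.0:*
LISTEN   0      128    0.0.0.0:22          0.0.0.0:*
LISTEN   0      128    0.0.0.0:5060        0.0.0.0:*
LISTEN   0      128    127.0.0.1:3306      0.0.0.0:*
ESTAB    0      0      192.0.2.10:25       198.51.100.7:51234
ESTAB    0      0      192.0.2.10:25       198.51.100.7:51240
ESTAB    0      0      192.0.2.10:25       203.0.113.44:40001
ESTAB    0      0      192.0.2.10:25       203.0.113.45:40002
ESTAB    0      0      192.0.2.10:22       203.0.113.9:55555
SYN-RECV 0      0      192.0.2.10:25       203.0.113.46:40003'

# Established connections grouped by local port: "count port", busiest first.
conns_by_local_port() {
    awk '$1 == "ESTAB" { p = $4; sub(/.*:/, "", p); n[p]++ }
         END { for (p in n) printf "%d %s\n", n[p], p }' | sort -rn
}

# Established connections grouped by peer address: "count address", busiest first.
conns_by_peer() {
    awk '$1 == "ESTAB" { a = $5; sub(/:[^:]*$/, "", a); n[a]++ }
         END { for (a in n) printf "%d %s\n", n[a], a }' | sort -rn
}

# Number of distinct peer addresses with an established connection to $1.
distinct_peers_on_port() {
    awk -v port="$1" '
        $1 == "ESTAB" { p = $4; sub(/.*:/, "", p); if (p != port) next
                        a = $5; sub(/:[^:]*$/, "", a); seen[a] = 1 }
        END { c = 0; for (a in seen) c++; print c }'
}

# Ports with a listening socket bound to every interface (0.0.0.0 or [::]),
# i.e. reachable from the Internet if no firewall sits in front of the host.
exposed_listeners() {
    awk '$1 == "LISTEN" && ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^\[::\]:/) {
             p = $4; sub(/.*:/, "", p); print p }' | sort -n | uniq
}

if [ "${1-}" = "--live" ]; then
    input() { ss -tan; }
else
    input() { printf '%s\n' "$SAMPLE"; }
fi

echo "== established connections per local port"
input | conns_by_local_port
echo "== established connections per peer address"
input | conns_by_peer
echo "== distinct peers on port 25: $(input | distinct_peers_on_port 25)"
echo "== listening on all interfaces (ports)"
input | exposed_listeners
```

On the sample the script reports four established connections to port 25 from three distinct peers and three ports (22, 25, 5060) listening on all interfaces; on a real box the "per peer" list is what separates a scanner or spam relay (many sessions from a few addresses, or one port from hundreds of addresses) from ordinary trunk traffic. If local mail delivery is actually wanted, Postfix can stay installed with `inet_interfaces = loopback-only` in main.cf, which keeps it off the public interface entirely.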
Do you have a specific vulnerability that you can point to, as we are using the latest Postfix from CentOS? Are you sure you just weren't hacked? It would seem more like you were hacked. What ports on your PBX do you have open to the outside world?
This is exactly what anyone would expect if you put a server on the Internet without any security.
In hundreds if not thousands of posts there is advice not to put your system on a public IP without a firewall and without knowing exactly what you are doing. You are still exposing hundreds of vulnerable services.
Why do you need your PBX connected directly to the Internet?
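What "a firewall in front of it" looks like when the PBX must keep a public IP for the trunk: a host firewall on the box itself, built so only the trunk provider can reach SIP and RTP and only the management network can reach SSH and the web GUI, with everything else (SMTP included) dropped. This is an added example, not code from the thread or from FreePBX. The address ranges are constructed from RFC 5737 documentation space and must be replaced with the ranges the trunk provider publishes; the RTP range 10000-20000 is the FreePBX default and SIP on UDP 5060 is assumed. The function only prints iptables commands; nothing is applied unless `--apply` is passed.

```shell
#!/bin/sh
# Added example (not from the thread): host firewall for an Internet-facing
# FreePBX box. Assumptions: trunk signalling and media come from TRUNK_NETS,
# administration only from MGMT_NET, SIP on UDP 5060, RTP on UDP 10000-20000
# (FreePBX default). Ranges below are constructed documentation addresses.

TRUNK_NETS="${TRUNK_NETS:-198.51.100.0/24 203.0.113.0/24}"   # constructed; use the provider's list
MGMT_NET="${MGMT_NET:-192.0.2.0/24}"                         # constructed management range

# Print the rule set. Policy is switched to DROP last so an admin applying
# this over SSH is not cut off between the flush and the ACCEPT rules.
pbx_rules() {
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in $TRUNK_NETS; do
        echo "iptables -A INPUT -s $net -p udp --dport 5060 -j ACCEPT"         # SIP signalling
        echo "iptables -A INPUT -s $net -p udp --dport 10000:20000 -j ACCEPT"  # RTP media
    done
    echo "iptables -A INPUT -s $MGMT_NET -p tcp --dport 22 -j ACCEPT"    # SSH from management only
    echo "iptables -A INPUT -s $MGMT_NET -p tcp --dport 443 -j ACCEPT"   # FreePBX GUI from management only
    echo "iptables -A INPUT -j LOG --log-prefix 'PBX-DROP: '"            # record what is knocking
    echo "iptables -P INPUT DROP"                                        # default deny: port 25 is unreachable
}

# Distinct TCP/UDP ports the rule set accepts from anywhere outside MGMT_NET.
trunk_ports() {
    pbx_rules | grep -- '-p udp' | sed 's/.*--dport \([^ ]*\).*/\1/' | sort -u
}

if [ "${1-}" = "--apply" ]; then
    pbx_rules | sh
else
    pbx_rules
fi
```

Because this filters INPUT on the PBX and does no NAT, it does not reintroduce the trunk problems the router's NAT helpers caused; the router can stay in plain pass-through for the PBX while the host decides who may talk to it. Run without `--apply` first and read the output, and keep a console session open the first time you apply it.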
My router has a firewall, but the NAT functions and associated crap screwed up the transmission to and from the trunk, so the gentleman at Flowroute instructed me to turn off the offending router services.
I can’t think of a subject that is more discussed than NAT and VoIP.
If you are not a networking expert, I think the key to success is choosing a firewall/router that other folks have had success with and whose configuration is well documented.
Personally, the Juniper SSGs and Cisco ASAs work very well. Both give you a simple way to set up site-to-site VPNs if you need them.
Also, you need a static IP. It’s very difficult to secure with a dynamic IP.
I’m set with the static IP, so that is all set. Is there anything out there designed for a smaller operation? I don’t want to spend thousands of dollars if it is not needed.
Also can you point me in the right direction of these discussions? Many thanks for your expertise!