Hi guys,
I use autoprovisioning GAPS from Grandstream. I set a server profile there to use fusionpbx by HTTPS with HTTP authentication, and set HTTP user/pass to let the devices be pointed to my fusionpbx server with HTTP credentials.
Today I got a distributed attack form global IPs, connecting to my fusionpbx server using valid HTTP credentials, and requesting for specific existing MACs, so config for about 6 devices were downloaded, including of course credentials for SIP accounts and started to generate traffic.
I solved stopping these IP addresses by now, but my concern is vector here are all Grandstream devices, in different customers/locations.
My concern is if GAPS was vulnerated some way, and credentials get it from there.
Any similar issue??
thanks in advance
I use autoprovisioning GAPS from Grandstream. I set a server profile there to use fusionpbx by HTTPS with HTTP authentication, and set HTTP user/pass to let the devices be pointed to my fusionpbx server with HTTP credentials.
Today I got a distributed attack form global IPs, connecting to my fusionpbx server using valid HTTP credentials, and requesting for specific existing MACs, so config for about 6 devices were downloaded, including of course credentials for SIP accounts and started to generate traffic.
I solved stopping these IP addresses by now, but my concern is vector here are all Grandstream devices, in different customers/locations.
My concern is if GAPS was vulnerated some way, and credentials get it from there.
Any similar issue??
thanks in advance