So I made a firewall rule to drop any traffic going to and from the subnet that was attacking them, it stopped lan traffic but it's still saturating the Wan so I moved the rule from the customers firewall to my core router. No other way unless I have my upstream null it ? I guess the best solution is to find out the networks the sip provider uses and whitelist those and block everything else ? On Feb 27, 2015 11:06 AM, "That One Guy" <thatoneguyst...@gmail.com> wrote:
> people dont take phone security serious enough, untill they get the bills > for the overseas calls > > On Fri, Feb 27, 2015 at 12:33 PM, Tim Reichhart <t...@nwohiobb.com> wrote: > >> This is why you want to run your PBX under hard firewall they do make one >> small firewall just for pbx: >> http://www.pikatechnologies.com/english/view.asp?x=1294 >> >> >> >> Tim >> >> >> >> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy >> *Sent:* Friday, February 27, 2015 1:22 PM >> *To:* af@afmug.com >> *Subject:* Re: [AFMUG] PBX gone crazy? PBX ddos? >> *Importance:* Low >> >> >> >> We have been seeing alot of PBX malicious activity lately, Panasonic in >> particular. >> >> >> >> On Fri, Feb 27, 2015 at 12:02 PM, TJ Trout <t...@voltbb.com> wrote: >> >> Yes, they must be hacked. Although no calls were placed through the >> trunk, weird. >> >> >> >> On Fri, Feb 27, 2015 at 9:44 AM, Tim Reichhart <t...@nwohiobb.com> wrote: >> >> TJ >> >> After looking up that dst ip: >> https://www.google.com/search?q=http%3A%2F%2Fwww.poneytelcom.eu%2F&ie=utf-8&oe=utf-8 >> >> >> >> Why would your customer using ip’s to London for sip calling unless there >> pbx got hacked. >> >> >> >> Tim >> >> >> >> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Tim Reichhart >> *Sent:* Friday, February 27, 2015 12:30 PM >> *To:* af@afmug.com >> *Subject:* Re: [AFMUG] PBX gone crazy? PBX ddos? >> >> >> >> TJ >> >> What kind of ip pbx are they using? Also are they doing the HD calling >> because some IP pbxs allow you to add that G.711 code in it. >> >> >> >> >> Tim >> >> >> >> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *TJ Trout >> *Sent:* Friday, February 27, 2015 12:19 PM >> *To:* af@afmug.com >> *Subject:* [AFMUG] PBX gone crazy? PBX ddos? >> >> >> >> I have a customer with a IP PBX that all of the sudden is using 100% of >> their available upload and download capacity, when I torch them it shows as >> 4 sip connections but using way more bandwidth than a regular sip >> connection? >> >> >> >> http://s7.postimg.org/qy3n03ljv/Untitled.png >> >> >> >> Anyone ever seen something like this? >> >> >> >> >> >> >> >> -- >> >> If you only see yourself as part of the team but you don't see your team >> as part of yourself you have already failed as part of the team. >> > > > > -- > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. >
