Same here, but about 3 months ago. Luckily I was able to stop it after about 30 minutes, but they still got about 100 calls out. I got a lot of calls back from little old ladies wanting to give me their credit card info. Scary stuff.

> -----Original Message-----
> From: asterisk-biz-boun...@lists.digium.com
> [mailto:asterisk-biz-boun...@lists.digium.com] On Behalf Of C. Savinovich
> Sent: Friday, February 27, 2009 4:18 PM
> To: 'Commercial and Business-Oriented Asterisk Discussion'
> Subject: Re: [asterisk-biz] Fraud alert
>
> It seems to be the same pattern of people who attacked 3 of my servers in
> a 3 week period a couple of weeks ago. The calls were made mostly to area
> codes 252 and 818 and indeed they showed the caller-id of the phones. My
> customer claims he received a call from the FBI saying that the calls were
> credit card solicitations. The point is, whoever is doing this, is doing
> this massively.
>
> CS
>
> -----Original Message-----
> From: asterisk-biz-boun...@lists.digium.com
> [mailto:asterisk-biz-boun...@lists.digium.com] On Behalf Of
> voip-aster...@maximumcrm.com
> Sent: Friday, February 27, 2009 4:04 PM
> To: Commercial and Business-Oriented Asterisk Discussion
> Subject: Re: [asterisk-biz] Fraud alert
>
> >> I'd suggest to everyone to ban that IP, it's been scanning our networks
> >> from time to time, in a sequential manner by IP.
> >
> > I've had really good luck with this:
> >
> > http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
> >
> > Basically, it automatically blackholes via IPtables any host that fails a
> > certain number of registration attempts in a given period.
>
> Yeah we're actually rolling it out on all of our production servers, it's
> a great application to run.
>
> I'm working on some scripts to propagate the bans to the firewall so that
> all of the servers get protected as soon as possible.
>
> > [default]
> > ; Send any unauthenticated calls to the local FBI office
> > context=local-fbi-office
> >
> > I've got a honeypot server that pretty much accepts any calls that come
> > through, and plays a "Thank you for calling the Telecommunications Fraud
> > hotline. Please stay online for the next available representative." If they
> > stay online for more than 20 seconds, it connects them to an agent at the
> > FBI that we have been working with.
> >
> > I've been meaning to add some code in that pulls out the originating IP
> > address of the call and tells it to the agent when we call. :)
>
> That would be great to have!
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
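
The Fail2Ban behaviour quoted in the thread above, banning any host that fails a certain number of registration attempts in a given period, as an added Python example that is not part of the original messages and is not Fail2Ban's own code. The threshold, window, the `hosts_to_ban` name and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy, not from the thread: 3 failed registrations within 60 seconds.
MAX_FAILURES, WINDOW = 3, timedelta(seconds=60)

# chan_sip NOTICE for a rejected REGISTER (newer Asterisk appends ":port" to the IP).
FAILED_REG = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\](?:\[[^\]]*\])? chan_sip\.c: "
    r"Registration from '.*' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - "
)

# Constructed sample log with documentation-range addresses, not data from the thread.
SAMPLE_LOG = """\
[2009-02-27 16:00:01] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@198.51.100.1>' failed for '203.0.113.7' - No matching peer found
[2009-02-27 16:00:02] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@198.51.100.1>' failed for '203.0.113.7' - No matching peer found
[2009-02-27 16:00:03] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@198.51.100.1>' failed for '203.0.113.7' - Wrong password
[2009-02-27 16:00:05] NOTICE[2101] chan_sip.c: Peer '101' is now Reachable. (12ms / 2000ms)
[2009-02-27 16:00:10] NOTICE[2101] chan_sip.c: Registration from '"201" <sip:201@198.51.100.1>' failed for '198.51.100.20' - Wrong password
[2009-02-27 16:01:00] NOTICE[2101] chan_sip.c: Registration from '"300" <sip:300@198.51.100.1>' failed for '192.0.2.44' - Wrong password
[2009-02-27 16:01:50] NOTICE[2101] chan_sip.c: Registration from '"300" <sip:300@198.51.100.1>' failed for '192.0.2.44' - Wrong password
[2009-02-27 16:02:40] NOTICE[2101] chan_sip.c: Registration from '"300" <sip:300@198.51.100.1>' failed for '192.0.2.44' - Wrong password
[2009-02-27 16:05:30] NOTICE[2101] chan_sip.c: Registration from '"201" <sip:201@198.51.100.1>' failed for '198.51.100.20' - Wrong password
"""

def hosts_to_ban(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: time the threshold was crossed} for hosts that exceed the policy."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED_REG.match(line)
        if not m or m["ip"] in banned:
            continue  # unrelated log line, or host already flagged
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        times = recent[m["ip"]]
        times.append(ts)
        while ts - times[0] > window:  # drop failures older than the window
            times.popleft()
        if len(times) >= max_failures:
            banned[m["ip"]] = ts
    return banned

if __name__ == "__main__":
    for ip, when in hosts_to_ban(SAMPLE_LOG).items():
        # Printed for review rather than executed: an equivalent iptables drop rule.
        print(f"{when}  iptables -I INPUT -s {ip} -j DROP")
```

Only the host with three failures inside one minute is flagged; the host that mistypes a password twice and the one whose three failures are spread over 100 seconds fall outside the sliding window.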