The UI (or anything really) is not open to the internet. The only things open are SSH and RDP (on alternate ports). The FreePBX web interface has a strong username/password. The only weakness I see is a weak secret SIP password, and default Mitel admin password used. There is no provisioning server for the Mitel phones right now.

The phone system is on the same subnet/VLAN as the internal network. My guess is some internal computer has a trojan which allowed attackers to do some internal configuration changes. I don't yet know how they launched an outbound call from the internal extension.

On Wed, Jan 28, 2015 at 4:38 PM, Terry Brummell <te...@brummell.net> wrote:

> You don't mention if the phone is remote, or local. Although you do mention it had a default user/pass. If the UI of the phone was/is accessible from the I'net, the GUI does have the ability to place a call from it, that is one way the calls could have been placed.
>
> *From:* asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] *On Behalf Of* Steven McCann
> *Sent:* Wednesday, January 28, 2015 4:03 PM
> *To:* asterisk-users@lists.digium.com
> *Subject:* [asterisk-users] Investigating international calls fraud
>
> Hello,
>
> I'm investigating a situation where there were hundreds of minutes of calls from an internal SIP extension to an 855 number in Cambodia, resulting in a crazy ($25,000+) bill from the phone company. I'm investigating, but can anyone provide some feedback on what's happened here? I'm investigating how this happened as well as what types of arrangements can be made with the phone company (CenturyLink in Texas).
>
> Some details:
>
> * PBX is located in Texas
> * Phone carrier is CenturyLink
> * FreePBX distro running asterisk 1.8.14
> * source SIP extension is Mitel 5212, firmware 08.00.00.04, default admin password (argh!). Phone is used by many different people.
>
> More PBX setting details:
>
> * inbound SIP traffic is not allowed through the firewall
> * internal network is not accessed by many
> * FreePBX web interface
>
> *Questions I have at this moment:*
>
> 1) How were the calls placed? Was the Mitel SIP phone hacked somehow? Asterisk PBX?
>
> 2) How does this typically get sorted out with the phone company? They are charging $6.25 per minute for the Texas to Cambodia calls. The phone system owners are at fault, but how have these situations worked out in the past?
>
> I'll be tightening things up, but any feedback is appreciated.
>
> Thanks,
> Steve
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
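
For the question of how the calls were placed, the PBX's call detail records show which channel originated each call. The following is an added example, not code from the thread or from the Asterisk project: it totals answered calls to country code 855 per source extension and originating channel, priced at the $6.25 per minute quoted above. It assumes CSV CDR logging (`cdr_csv`, `Master.csv`) is enabled, a North American dial plan (011 prefix, optional leading 9), and whole-minute billing; the sample records are constructed.

```python
import csv, io, math, re
from collections import defaultdict

# Column order of Asterisk's cdr_csv Master.csv (the file has no header row).
FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
          "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
          "duration", "billsec", "disposition", "amaflags", "uniqueid",
          "userfield"]

# Constructed sample records (not data from the thread).
SAMPLE = '''\
"","212","011855000000001","from-internal","212","SIP/212-0000001a","SIP/trunk-0000001b","Dial","SIP/trunk/011855000000001","2015-01-24 02:10:05","2015-01-24 02:10:12","2015-01-24 02:40:12",1807,1800,"ANSWERED","DOCUMENTATION","1422065405.26",""
"","212","011855000000001","from-internal","212","SIP/212-0000001c","SIP/trunk-0000001d","Dial","SIP/trunk/011855000000001","2015-01-24 03:05:00","2015-01-24 03:05:05","2015-01-24 03:07:10",130,125,"ANSWERED","DOCUMENTATION","1422068700.30",""
"","212","011855000000001","from-internal","212","SIP/212-0000001e","SIP/trunk-0000001f","Dial","SIP/trunk/011855000000001","2015-01-24 03:10:00","","2015-01-24 03:10:20",20,0,"NO ANSWER","DOCUMENTATION","1422069000.32",""
"","105","2145550100","from-internal","105","SIP/105-00000020","SIP/trunk-00000021","Dial","SIP/trunk/2145550100","2015-01-24 09:00:00","2015-01-24 09:00:04","2015-01-24 09:01:04",64,60,"ANSWERED","DOCUMENTATION","1422090000.34",""
"","212","9011855000000001","from-internal","212","Local/212@from-internal-00000003;1","SIP/trunk-00000022","Dial","SIP/trunk/011855000000001","2015-01-25 01:00:00","2015-01-25 01:00:06","2015-01-25 01:10:06",606,600,"ANSWERED","DOCUMENTATION","1422147600.36",""
'''

def summarize(cdr_text, country_code="855", rate=6.25):
    """Total answered calls to one country code per (extension, originating device)."""
    # Assumption: North American dial plan, 011 prefix, optional leading 9.
    intl = re.compile(r"^9?011" + re.escape(country_code))
    totals = defaultdict(lambda: {"calls": 0, "minutes": 0, "first": None, "last": None})
    for row in csv.reader(io.StringIO(cdr_text)):
        if len(row) < 16:
            continue  # blank or truncated line
        rec = dict(zip(FIELDS, row))
        if rec["disposition"] != "ANSWERED" or not intl.match(rec["dst"]):
            continue
        # Drop the per-call suffix: "SIP/212-0000001a" -> "SIP/212".
        device = rec["channel"].rsplit("-", 1)[0]
        t = totals[(rec["src"], device)]
        t["calls"] += 1
        # Assumption: the carrier bills whole minutes, rounded up per call.
        t["minutes"] += math.ceil(int(rec["billsec"]) / 60)
        t["first"] = min(filter(None, (t["first"], rec["start"])))
        t["last"] = max(filter(None, (t["last"], rec["start"])))
    return {key: dict(t, cost=t["minutes"] * rate) for key, t in totals.items()}

if __name__ == "__main__":
    for (ext, device), t in sorted(summarize(SAMPLE).items()):
        print(ext, device, t["calls"], "calls", t["minutes"], "min",
              f"${t['cost']:.2f}", t["first"], "to", t["last"])
```

Grouping by the `channel` column separates calls that started on the phone's own SIP channel from calls that started on another channel type under the same extension number.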