Jason,
You should be able to get a lot more information from the asterisk log,
/var/log/asterisk/full; you should be able to see the source IP that the
connection was coming from.
Then issue the following commands to block the IP:
    iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
    iptables -A OUTPUT -d xxx.xxx.xxx.xxx -j DROP
and add the IP to your hosts.deny.
If it was a scam and you can figure out the source IP, you should
contact PhoneBusters.com which is a task force run by the OPP & RCMP.
Mike
On 08/23/2010 7:28 PM, Jason Rose wrote:
Hey all,
I was just hacked, and I cannot tell from where! I am looking through logs and I
see that calls were made (I caught it early so there weren't many) but I cannot
see from which profile in my users.conf they were made from.
The callerid on the outbound calls was "new user"<905731xxxx> which is my
outgoing CID with a different name... Every time the channel name was
SIP/s-b538c888 and it looks like he was dialing direct from "dialplan" - my main
everyone context.
When I found it he was sequential dialing 15754941xxx #s and I re-routed a call
to my desk and it was a phishing scam for chemo federal credit union.
What can I do to gather more data on this and keep people out for good?
Thanks,
Jason
--
Mike Ashton
Quality Track International
Work: +1 647 724 3500 x251
Cell: +1 416 527 4995
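
The log check and block rules described in the reply, as an added example that is not part of the original e-mails: it counts failed SIP registrations per source IP in an Asterisk full log and prints the two iptables rules for each noisy address so they can be reviewed before being run. The sample lines are constructed, their shape is an assumption modelled on chan_sip messages, and the threshold of 3 is arbitrary; failed registrations are only one of the signals the log may hold.

```shell
#!/bin/sh
# Count failed SIP registrations per source IP in an Asterisk "full" log and
# print the matching iptables DROP rules for review (nothing is applied).

# Constructed sample lines (documentation IP ranges). Their shape is an
# assumption modelled on chan_sip NOTICE/VERBOSE messages.
sample_log() {
cat <<'EOF'
[2010-08-23 18:50:00] VERBOSE[2214] chan_sip.c:     -- Registered SIP '101' at 192.0.2.10 port 5060
[2010-08-23 18:55:01] NOTICE[2214] chan_sip.c: Registration from '"101" <sip:101@192.0.2.1>' failed for '203.0.113.45' - Wrong password
[2010-08-23 18:55:02] NOTICE[2214] chan_sip.c: Registration from '"102" <sip:102@192.0.2.1>' failed for '203.0.113.45' - No matching peer found
[2010-08-23 18:55:03] NOTICE[2214] chan_sip.c: Registration from '"103" <sip:103@192.0.2.1>' failed for '203.0.113.45:5071' - Wrong password
[2010-08-23 19:02:10] NOTICE[2214] chan_sip.c: Registration from '"101" <sip:101@192.0.2.1>' failed for '198.51.100.7' - Wrong password
EOF
}

# failed_reg_ips FILE: print "count ip", most frequent source first.
failed_reg_ips() {
    grep 'Registration from' "$1" |
        sed -n "s/.*failed for '\([0-9][0-9.]*\).*/\1/p" |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# block_cmds FILE MIN: print the two rules from the reply for every IP
# with at least MIN failed registrations.
block_cmds() {
    failed_reg_ips "$1" | awk -v min="$2" '$1 >= min {
        print "iptables -A INPUT -s " $2 " -j DROP"
        print "iptables -A OUTPUT -d " $2 " -j DROP"
    }'
}

# Use the log given as $1 (e.g. /var/log/asterisk/full), else the sample.
if [ -n "${1:-}" ]; then
    log=$1
else
    log=$(mktemp) && sample_log > "$log"
    cleanup=1
fi
failed_reg_ips "$log"
block_cmds "$log" 3
[ -z "${cleanup:-}" ] || rm -f "$log"
```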