The 25000$ @6.25/min means 4000 minutes of calls (or 66H)
Not sure in how many days this has accumulated but i seriously dought this is
made from a human accessing the phone.
The fact that you get the calls at certain times might have to do with the
timezone the calls are going
If you phone
-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Dave Platt
Sent: Thursday, January 29, 2015 12:11 AM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] Investigating international calls fraud
Hmm the calls are made during the day
: [asterisk-users] Investigating international calls fraud
Hmm the calls are made during the day (and sometimes very early in the
morning). Right now it looks like someone actually made these calls.
If that is the case it's somewhat comforting to know the system wasn't
compromised. However
If you have not done so contact the carrier immediately. Report the fraud.
Have them disable international on the account until you have your
security issues addressed.
Ask them to pull call logs containing Source and destination IP address.
for the fraud calls.
If you are sure they came from
I’ve seen the following exploits of Asterisk / FreePBX boxes:
1) Default PlcmSpIp username and password for Polycom provisioning
2) Insecure SIP usernames and secrets
3) FreePBX GUI accessable from the internet
4) OS remote exploit (maybe ssh/ssl exploit)
Mitigation options:
1) Don’t
You don't mention if the phone is remote, or local. Although you do mention it
had a default user/pass. If the UI of the phone was/is accessible from the
I'net, the GUI does have the ability to place a call from it, that is one way
the calls could have been placed.
From:
The UI (or anything really) is not open to the internet. The only things
open are SSH and RDP (on alternate ports). The freepbx web interface has a
strong username/password. The only weakness I see is a weak secret SIP
password, and default mitel admin password used. There is no provisioning
Hmm the calls are made during the day (and sometimes very early in the
morning). Right now it looks like someone actually made these calls. If
that is the case it's somewhat comforting to know the system wasn't
compromised. However, the $25,000 phone bill still remains. Yikes. $6.25
per minute to
Le 28/01/2015 22:03, Steven McCann a écrit :
Hello,
Hi
I'm investigating a situation where there was a hundreds of minutes of
calls from an internal SIP extension to an 855 number in Cambodia,
resulting in a crazy ($25,000+) bill from the phone company. I'm
investigating, but can anyone
of Administrator TOOTAI
ad...@tootai.net
Sent: Wednesday, January 28, 2015 5:07 PM
To: Asterisk Users List
Subject: Re: [asterisk-users] Investigating international calls fraud
Le 28/01/2015 22:03, Steven McCann a écrit :
Hello,
Hi
I'm investigating a situation where there was a hundreds
Sent: Wednesday, January 28, 2015 5:07 PM
To: Asterisk Users List
Subject: Re: [asterisk-users] Investigating international calls fraud
Le 28/01/2015 22:03, Steven McCann a écrit :
Hello,
Hi
I'm investigating a situation where there was a hundreds of minutes of
calls from
On 29 Jan 2015, at 11:07, Administrator TOOTAI wrote:
Le 28/01/2015 22:03, Steven McCann a écrit :
Hello,
Hi
I'm investigating a situation where there was a hundreds of minutes
of
calls from an internal SIP extension to an 855 number in Cambodia,
resulting in a crazy ($25,000+) bill
Hmm the calls are made during the day (and sometimes very early in the
morning). Right now it looks like someone actually made these calls. If
that is the case it's somewhat comforting to know the system wasn't
compromised. However, the $25,000 phone bill still remains. Yikes. $6.25
per
13 matches
Mail list logo
