Please identify what kind of firewall and what type of ITSP solution you
have. It's more likely a PC was hacked, because the CDR data shows the call
coming from the proxy, which is not directly exposed except through the
firewall. The call "authenticated" because it got "to" the proxy. It is more
likely the PC was hijacked.

You would be wise to also look at sipxbridge logs in the same timeframe.
============================
Tony Graziano, Manager
Telephone: 434.984.8430
Fax: 434.984.8431

Email: tgrazi...@myitdepartment.net

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
Fax: 434.984.8427

Helpdesk Contract Customers:
http://www.myitdepartment.net/gethelp/

----- Original Message -----
From: sipx-users-boun...@list.sipfoundry.org
<sipx-users-boun...@list.sipfoundry.org>
To: sipx-users@list.sipfoundry.org users <sipx-users@list.sipfoundry.org>
Sent: Fri Feb 19 11:45:55 2010
Subject: [sipx-users] Was I being hacked?

I saw in my call detail records a block of about 50 call attempts made
within 2 minutes of each other to international numbers, and
using a variety of prefixes.  All calls showed the status "failed", so
I presume they did not connect.  The from field was "sip".  Here is an
example:

sip 9011441383417547 2/13/10 5:02 AM 0 seconds Failed

My guess is that my server was being probed to see if it could be
hijacked for free calls.  Does that seem right?

What exactly does it mean to have "sip" as the From?

Is there a checklist for security measures to ensure that an
installation is reasonably protected from such attempts?

Thanks,

Jeff


_______________________________________________
sipx-users mailing list sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
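
The pattern Jeff describes (a block of failed international call attempts within about two minutes) can be flagged automatically from CDR lines. The following is an added example, not part of the original thread or of sipXecs: it assumes CDR lines in the layout of the one quoted line, and the `9011` prefix, the threshold of 10 and all sample lines other than the quoted one are illustrative assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Matches the CDR line layout quoted in the message:
#   <from> <dialed> <M/D/YY> <H:MM AM|PM> <N> seconds <status>
CDR_RE = re.compile(
    r"^(?P<caller>\S+)\s+(?P<dialed>\d+)\s+(?P<date>\d{1,2}/\d{1,2}/\d{2})\s+"
    r"(?P<time>\d{1,2}:\d{2} [AP]M)\s+(?P<secs>\d+) seconds\s+(?P<status>\w+)$"
)

def parse_cdr(line):
    """Return a dict for one CDR line, or None if it does not match."""
    m = CDR_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%m/%d/%y %I:%M %p")
    rec["secs"] = int(rec["secs"])
    return rec

def find_bursts(lines, prefix="9011", window=timedelta(minutes=2), threshold=10):
    """Flag callers with >= threshold failed calls to `prefix` numbers within `window`.

    Assumptions: prefix 9011 (taken from the sample number) and threshold 10 are
    illustrative defaults. Returns {caller: (first_seen, count)} for the first burst.
    """
    recent = {}   # caller -> deque of timestamps inside the sliding window
    alerts = {}
    recs = sorted(filter(None, map(parse_cdr, lines)), key=lambda r: r["when"])
    for r in recs:
        if r["status"].lower() != "failed" or not r["dialed"].startswith(prefix):
            continue
        q = recent.setdefault(r["caller"], deque())
        q.append(r["when"])
        while r["when"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and r["caller"] not in alerts:
            alerts[r["caller"]] = (q[0], len(q))
    return alerts

# Constructed sample: the first line is the one quoted in the message; the rest are made up.
SAMPLE = ["sip 9011441383417547 2/13/10 5:02 AM 0 seconds Failed"] + [
    f"sip 90114413834{n:05d} 2/13/10 5:0{2 + n % 2} AM 0 seconds Failed" for n in range(11)
] + ["201 14345550100 2/13/10 9:15 AM 62 seconds Completed"]

if __name__ == "__main__":
    for caller, (start, count) in find_bursts(SAMPLE).items():
        print(f"burst from {caller!r}: {count} failed calls starting {start}")
```

Because the CDR timestamps have one-minute resolution, the window is compared at minute granularity; correlate any flagged burst with the proxy and sipxbridge logs for the same timeframe.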