So your access to the PSTN is via Audiocodes only? Are the AC gateways accessible from the outside?
I suppose a connection from the outside to your LAN (maybe wireless) was able to exploit the AC gateways directly. I don't use AC gateways, so I won't advise you on how to secure them. If the calls are from your gateway, that is where I'd start looking. If the calls are not in the CDR database, then they were not processed through the proxy, which means a user account was not compromised, so look at the most common point... AC gateway... and perhaps any unsecured or poorly (WEP) secured wireless links that would allow a close-by person access to the gateways on your LAN...

Do you have the gateways logging to a syslog server somewhere?

On Wed, Jan 12, 2011 at 5:38 AM, Huw Jones <hgw.jo...@llandrillo.ac.uk> wrote:

> Hi folks
>
> We've had a strange situation in our college. Over the Christmas holiday
> one of our sites is reported (by BT) to have made thousands of 'suspicious'
> calls to Sierra Leone!! I've checked the Call Detail Records on the web
> interface and there's no sign of these calls. I've also searched through the
> contents of /var/log/sipxpbx/ and there's no sign of the numbers there
> either.
>
> Our SipX server is not visible from outside our own network and it only
> interfaces with the outside world via three Audiocodes gateways connected to
> ISDN. If the calls were made maliciously I'm at a loss how they did it. :-(
>
> Can anyone suggest where I might look for further information? I'm pretty
> dubious that these calls really have come from our system but I'd like to be
> certain!! I'd very much appreciate any advice or suggestions.
>
> Happy New Year to you all
>
> Huw
--
======================
Tony Graziano, Manager
Telephone: 434.984.8430
sip: tgrazi...@voice.myitdepartment.net
Fax: 434.326.5325
Email: tgrazi...@myitdepartment.net

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net

Helpdesk Contract Customers: http://support.myitdepartment.net
Blog: http://blog.myitdepartment.net
Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
_______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users/