[asterisk-biz] Fraud alert

C F shmaltz at gmail.com
Fri Feb 27 11:16:08 CST 2009


I always thought it would never happen to me, and I'm glad it didn't
happen to a customer, just to me.
My Asterisk that I use for both my business and light testing doesn't
have SIP 5060 accessible from the Internet usually. I'm therefore not
that careful when creating SIP accounts for testing to tighten the
password.
Two weeks ago, while troubleshooting something, I forwarded 5060 to my
Asterisk box and forgot to disable it.
This morning I logged in to troubleshoot some stupidity, at which
point I noticed phone calls flying through my system.
I checked and found:
* Port 5060 is still open
* Some stupid sip friend I created for testing purposes about 3 years
ago still existed, the settings were: 122 secret/122 that was used in
the
* Checked my CDRs and realized they made 479 calls, the first one being
at 2/26/2009 14:41.
* I realized I'm lucky and they only robbed me of $1.91, yes total
billable seconds only came to $1.91.
* The phone numbers they were calling were in consecutive order in a
specific NPA-NXX

I listened in on the calls (chan_spy) and was able to figure out it
was some scam to get personal info.
What really bothers me is that since they couldn't actually access my
box - just SIP credentials - they were using the default internal DP
which gave my CallerID.
I'm expecting some phone calls from some angry people :P

The IP address is:
88.151.100.167

I know it's totally my fault and I'm extremely lucky to have caught
them so early.
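
A detection check for the pattern described in this post (one SIP peer dialing consecutive numbers within a single NPA-NXX), as an added example that is not part of the original message. The CDR rows are constructed and assume the default cdr_csv (Master.csv) column order; the function names and the run threshold are illustrative.

```python
import csv, io, re
from collections import defaultdict

# Column order written by Asterisk's cdr_csv backend (Master.csv).
FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel", "dstchannel",
          "lastapp", "lastdata", "start", "answer", "end", "duration", "billsec",
          "disposition", "amaflags"]

def _row(src, dst, minute):  # builds one constructed CDR line for the sample
    t = f"2009-02-26 14:{minute:02d}:00"
    return (f'"","{src}","{dst}","default","{src}","SIP/{src}-1","SIP/trunk-1",'
            f'"Dial","SIP/trunk/{dst}","{t}","","{t}",5,0,"NO ANSWER","DOCUMENTATION"')

# Constructed sample: peer 122 walks 202-555-0100..0111, peer 200 places ordinary calls.
SAMPLE_CDR = "\n".join(
    [_row("122", f"1202555{n:04d}", 41 + i) for i, n in enumerate(range(100, 112))]
    + [_row("200", "12125550147", 42), _row("200", "13125550199", 50),
       _row("200", "12125550148", 55)]
)

def nanp(dst):
    """Return the 10-digit NANP number, or None (extensions, international, junk)."""
    digits = re.sub(r"\D", "", dst)
    if len(digits) == 11 and digits[0] == "1":
        digits = digits[1:]
    return digits if len(digits) == 10 else None

def sequential_dialers(cdr_text, min_run=5):
    """Map (src, NPA-NXX) -> longest run of consecutive line numbers, if >= min_run."""
    lines = defaultdict(set)
    for rec in csv.DictReader(io.StringIO(cdr_text), fieldnames=FIELDS):
        num = nanp(rec["dst"])
        if num:
            lines[(rec["src"], num[:3] + "-" + num[3:6])].add(int(num[6:]))
    hits = {}
    for key, seen in lines.items():
        best, run, prev = 0, 0, None
        for n in sorted(seen):
            run = run + 1 if prev is not None and n == prev + 1 else 1
            best, prev = max(best, run), n
        if best >= min_run:
            hits[key] = best
    return hits

if __name__ == "__main__":
    for (src, block), run in sequential_dialers(SAMPLE_CDR).items():
        print(f"peer {src}: {run} consecutive numbers dialed in {block}")
```

Run against a real Master.csv, a hit on a peer that should only see occasional test traffic is the signal to check whether 5060 is reachable from outside and whether that peer's secret is guessable.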


