[asterisk-biz] Fraud alert

[Matt Gibson]

Same here, but about 3 months ago. Luckily I was able to stop it after about
30 minutes, but they still got about 100 calls out, I got a lot of calls
back from little old ladies wanting to give me their credit card info, scary
stuff. 


> -----Original Message-----
> From: asterisk-biz-bounces at lists.digium.com [mailto:asterisk-biz-
> bounces at lists.digium.com] On Behalf Of C. Savinovich
> Sent: Friday, February 27, 2009 4:18 PM
> To: 'Commercial and Business-Oriented Asterisk Discussion'
> Subject: Re: [asterisk-biz] Fraud alert
> 
> 
>   It seems to be the same pattern of people who attacked 3 of my
> servers in
> a 3 week period a couple of weeks ago.  The calls were made mostly to
> area
> codes 252 and 818 and indeed they showed the caller-id of the phones.
> My
> customer claims he received a call from the FBI saying that the calls
> were
> credit card solicitations.  The point is, whoever is doing this, is
> doing
> this massively.
> 
> CS
> 
> -----Original Message-----
> From: asterisk-biz-bounces at lists.digium.com
> [mailto:asterisk-biz-bounces at lists.digium.com] On Behalf Of
> voip-asterisk at maximumcrm.com
> Sent: Friday, February 27, 2009 4:04 PM
> To: Commercial and Business-Oriented Asterisk Discussion
> Subject: Re: [asterisk-biz] Fraud alert
> 
> >> I'd suggest to everyone to ban that IP, it's been scanning our
> networks
> >> from time to time, in a sequential manner by IP.
> >
> > I've had really good luck with this:
> >
> > http://www.voip-
> info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
> >
> > Basically, it automatically blackhols via IPtables any host that
> fails a
> > certain number of registration attempts in a given period.
> 
> Yeah we're actually rolling it out on all of our production servers,
> it's
> a great application to run.
> 
> I'm working on some scripts to propagate the bans to the firewall so
> that
> all of the servers get protected as soon as possible.
> 
> > [default]
> > ; Send any unauthenticated calls to the local FBI office
> > context=local-fbi-office
> >
> > I've got a honeypot server that pretty much accepts any calls that
> come
> > through, and plays a "Thank you for calling the Telecommunications
> Fraud
> > hotline. Please stay online for the next available representative."
> If
> they
> > stay online for more than 20 seconds, it connects them to an agent at
> the
> > FBI that we have been working with.
> >
> > I've been meaning to add some code in that pulls out the originating
> IP
> > address of the call and tells it to the agent when we call. :)
> 
> That would be great to have!
> 
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
> 
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-biz
> 
> 
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
> 
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-biz