$2000 calls in one hours? The fraud user must be a professional hacker and should have some kind of VoIP system and 10s (if not hundreds) of friends calling at the same time. <br><br><br><div class="gmail_quote">On Sat, Feb 7, 2009 at 3:46 PM, Gregory Boehnlein <span dir="ltr"><<a href="mailto:damin@nacs.net">damin@nacs.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Let me guess…</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p style="text-indent: -0.25in;"><span style="font-size: 11pt; color: rgb(31, 73, 125);"><span>1.<span style="font-family: "Times New Roman"; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">
</span></span></span><span style="font-size: 11pt; color: rgb(31, 73, 125);">The Switchvox was open to the Internet</span></p>
<p style="text-indent: -0.25in;"><span style="font-size: 11pt; color: rgb(31, 73, 125);"><span>2.<span style="font-family: "Times New Roman"; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">
</span></span></span><span style="font-size: 11pt; color: rgb(31, 73, 125);">The extensions were simple (three / four digits) and the
passwords matched the extensions</span></p>
<p style="text-indent: -0.25in;"><span style="font-size: 11pt; color: rgb(31, 73, 125);"><span>3.<span style="font-family: "Times New Roman"; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">
</span></span></span><span style="font-size: 11pt; color: rgb(31, 73, 125);">The attacker was able to register from the public Internet as
one of the users and send the calls.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Sounds much more like an installation done by someone who had no
clue about IP security. Don't blame Switchvox for the installers lack of
a clue.. Switchvox is designed to run behind a firewall, and best practices for
installation would dictate that you be very paranoid about what to allow to
communicate w/ the PBX. Allowing it to be openly accessed on the Public
Internet is shear stupidity.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">So.. what am I missing here?</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<div style="border-style: none none none solid; border-color: -moz-use-text-color -moz-use-text-color -moz-use-text-color blue; border-width: medium medium medium 1.5pt; padding: 0in 0in 0in 4pt;">
<div>
<div style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0in 0in;">
<p><b><span style="font-size: 10pt;">From:</span></b><span style="font-size: 10pt;">
<a href="mailto:asterisk-biz-bounces@lists.digium.com" target="_blank">asterisk-biz-bounces@lists.digium.com</a>
[mailto:<a href="mailto:asterisk-biz-bounces@lists.digium.com" target="_blank">asterisk-biz-bounces@lists.digium.com</a>] <b>On Behalf Of </b>VIP Carrier<br>
<b>Sent:</b> Saturday, February 07, 2009 6:36 PM<br>
<b>To:</b> Commercial and Business-Oriented Asterisk Discussion<br>
<b>Subject:</b> [asterisk-biz] PBX got Hacked</span></p>
</div>
</div>
<p> </p>
<p></p><div><div></div><div class="Wj3C7c">Guys,<br>
I can't belive that our client's PBX got hacked today.<br>
My client has a SwitchVOX SMB and it got hacked!<br>
some F@ckers with a following IP's <br>
91.121.132.208<br>
69.60.114.222<br>
was able to send a calls in a matter of 1 hr for more then $2000<br>
<br>
what can I say stay a way from switchvox <br>
<br></div></div><font color="#888888">
-- <br>
This message has been scanned for viruses and <br>
dangerous content by <a href="http://www.n2net.net/Products.asp?PageId=1&SubId=14" target="_blank"><b>N2Net
Mailshield</b></a>, and is <br>
believed to be clean. </font>
</div>
</div>
</div>
<br>_______________________________________________<br>
--Bandwidth and Colocation Provided by <a href="http://www.api-digital.com--" target="_blank">http://www.api-digital.com--</a><br>
<br>
asterisk-biz mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-biz" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-biz</a><br></blockquote></div><br>