[asterisk-users] PBX hacked: why hundred of calls to the same number ?

Rainer Piper rainer.piper at soho-piper.de
Thu Oct 2 01:33:29 CDT 2014


Am 01.10.2014 um 15:48 schrieb Gokan Atmaca:
>> Someone reported me that from a PBX on which someone gained fraudulent
>> access, he could observe hundreds of calls to the same destination
>> number.
>> For curiosity's sake, I'm wondering why would this happen (dialing the
>> same number over and over) ?
>> Some special numbers generate here and there revenues for callees (and
>> not for callers).
>> Beside sharing interests with the callee that get those revenues, why
>> a hacker would like to dial the same numbers over and over ?
>> In other words, in this case, is looking at callee number a promising
>> path to find hackers ?
> Is there a bot virus ? Do you IP address restrictions ?
I have one SIP Proxy without any outbound trunks/routing and this Proxy 
is just collecting bad source IPs and bad destination numbers for the 
database blacklist table
and I use this blacklist table in my productive System.

>
>
>
>
> On Wed, Oct 1, 2014 at 4:36 PM, Administrator TOOTAI <admin at tootai.net> wrote:
>> Le 01/10/2014 11:40, Olivier a écrit :
>>> Hi,
>>
>> Hi
>>
>>> Someone reported me that from a PBX on which someone gained fraudulent
>>> access, he could observe hundreds of calls to the same destination
>>> number.
>>>
>>> For curiosity's sake, I'm wondering why would this happen (dialing the
>>> same number over and over) ?
>>>
>>> Some special numbers generate here and there revenues for callees (and
>>> not for callers).
>>> Beside sharing interests with the callee that get those revenues, why
>>> a hacker would like to dial the same numbers over and over ?
>>
>> callee is also the bad men. Go and buy an 899 number in France, hack PBXS
>> and call your number :-)
>>
>> [...]
>>
>> --
>> Daniel
>>
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>                http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-users


-- 
*Rainer Piper*
Integration engineer
Koeslinstr. 56
53123 BONN
GERMANY
Phone: +49 228 97167161
P2P: sip:rainer at sip.soho-piper.de:5072 (pjsip-test)
XMPP: rainer at xmpp.soho-piper.de
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20141002/4dfeabff/attachment.html>


More information about the asterisk-users mailing list