[asterisk-users] PBX hacked: why hundred of calls to the same number ?
Dave Platt
dplatt at radagast.org
Thu Oct 2 12:44:50 CDT 2014
> Is the destination Number like Country Code +972?
>
> +972 59 xxxxxx(x) mobile - Jawall [moving to 7-digit subscriber numbers]
>
> source - http://www.wtng.info/wtng-972-il.html
>
> My SIP Proxy logs all the unauth. INVITEs and I found the a lot calls go
> to the Country code +972 xxxxxxxxxxx
I've seen that a very high percentage of the "SIP probing" my Asterisk
system has seen over the past few years, consist of attempts to phone
numbers in +972 (or, more generally, the West Bank and/or Gaza).
It's consistent enough that I've set up a Fail2Ban rule which slaps a
semi-permanent block on any IP address which tries this, even once.
Since the last time I did a firewall-reset, the resulting iptables rules
have blocked over 2000 call attempts (one attacker at 142.54.180.50 has
tried over 1200 times).
These attempts seem to come from all over the world... I'd guess that
the majority are being sent through 'botted systems.
More information about the asterisk-users
mailing list