[asterisk-users] Someone has hacked into our system
Danny Nicholas
danny at debsinc.com
Mon Nov 22 10:37:04 CST 2010
_____
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Gary Kuznitz
Sent: Monday, November 22, 2010 10:23 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] Someone has hacked into our system
Someone has hacked into our system and is making calls overseas.
How can I:
1. Find out the where the calls are originating from?
2. Block all calls that are not authorized?
Our system is in the USA.
Only calls from inside our LAN are allowed.
Thank you,
Gary Kuznitz
For #1, start with the CDR. You know that X is calling an overseas number.
Determine who X is (or is supposed to be)
For #2 (and the rest of #1) restrict your dialing access to a known set of
IP's. If you have 5 phones (softphones or actual handsets), block
everything that doesn't start with those 5 IP addresses.
The first thing I would do is to change all of your passwords in sip.conf
and do a sip reload. That will slow down or temporarily stop the hacker.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101122/63a29575/attachment.htm
More information about the asterisk-users
mailing list