[asterisk-users] Someone has hacked into our system
Gary Kuznitz
docfxit at theoffice.la
Mon Nov 22 17:10:31 CST 2010
Thank you very much for help in finding the log.
I have the log now. I'd like to know what to look for in trying to figure out how the
calls are getting originated. I'd be happy to shere all the information. I just don't
want to post information on this public list that might show other people how to get in
to our box.
Thanks you,
Gary Kuznitz
On 22 Nov 2010 at 13:11, Danny (Danny Nicholas <danny at debsinc.com>) commented
about RE: [asterisk-users] Someone has hacked into our :
From: Gary Kuznitz [mailto:docfxit at theoffice.la]
Sent: Monday, November 22, 2010 12:20 PM
To: Danny Nicholas
Subject: Re: [asterisk-users] Someone has hacked into our system
Thank you for the quick response.
Comments below...
I am not familiar with navigating Asterisk. Would you please help me understand how
to see the CDR?
Thank you,
Gary Kuznitz
By default, Asterisk keeps the CDR as a "flat-file" in /var/log/asterisk/cdr-csv/Master.csv
which you can open in Excel for easy viewing. If you have a custom cdr (see
/etc/asterisk/cdr.conf or /etc/asterisk/cdr_custom.conf for more information), your CDR
might be stored in a MYSQL table or some other place.I would start under the assumption
that you have the flat file available.Once you have it open, use this link as a guide
http://www.voip-info.org/wiki/view/Asterisk+cdr+csv
Fields
* accountcode: What account number to use: Asterisk billing account, (string, 20
characters)
* src: Caller*ID number (string, 80 characters)
* dst: Destination extension (string, 80 characters)
* dcontext: Destination context (string, 80 characters)
* clid: Caller*ID with text (80 characters)
* channel: Channel used (80 characters)
* dstchannel: Destination channel if appropriate (80 characters)
* lastapp: Last application if appropriate (80 characters)
* lastdata: Last application data (arguments) (80 characters)
* start: Start of call (date/time)
* answer: Answer of call (date/time)
* end: End of call (date/time)
* duration: Total time in system, in seconds (integer)
* billsec: Total time call is up, in seconds (integer)
* disposition: What happened to the call: ANSWERED, NO ANSWER, BUSY,
FAILED
* amaflags: What flags to use: see amaflags::DOCUMENTATION, BILL, IGNORE
etc, specified on a per channel basis like accountcode.
You will want to see if there are any "peculiar" src fields on your international calls (dst).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: WPM$68B7.PM$
Type: application/octet-stream
Size: 14868 bytes
Desc: Mail message body
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20101122/5520116c/attachment-0001.obj
More information about the asterisk-users
mailing list