[asterisk-users] Someone has hacked into our system

Gary Kuznitz docfxit at theoffice.la
Mon Nov 22 17:10:31 CST 2010


Thank you very much for help in finding the log.

I have the log now. I'd like to know what to look for in trying to figure out how the 
calls are getting originated. I'd be happy to share all the information. I just don't 
want to post information on this public list that might show other people how to get 
into our box.

Thank you,

Gary Kuznitz



On 22 Nov 2010 at 13:11, Danny (Danny Nicholas <danny at debsinc.com>) commented 
about RE: [asterisk-users] Someone has hacked into our :



From: Gary Kuznitz [mailto:docfxit at theoffice.la] 
Sent: Monday, November 22, 2010 12:20 PM
To: Danny Nicholas
Subject: Re: [asterisk-users] Someone has hacked into our system


Thank you for the quick response.

Comments below...

I am not familiar with navigating Asterisk. Would you please help me understand how 
to see the CDR?

Thank you,

Gary Kuznitz

By default, Asterisk keeps the CDR as a "flat-file" in /var/log/asterisk/cdr-csv/Master.csv 
which you can open in Excel for easy viewing. If you have a custom cdr (see 
/etc/asterisk/cdr.conf or /etc/asterisk/cdr_custom.conf for more information), your CDR 
might be stored in a MySQL table or some other place. I would start under the assumption 
that you have the flat file available. Once you have it open, use this link as a guide:
http://www.voip-info.org/wiki/view/Asterisk+cdr+csv

Fields 
*   accountcode: What account number to use: Asterisk billing account, (string, 20 
    characters) 
*   src: Caller*ID number (string, 80 characters) 
*   dst: Destination extension (string, 80 characters) 
*   dcontext: Destination context (string, 80 characters) 
*   clid: Caller*ID with text (80 characters) 
*   channel: Channel used (80 characters) 
*   dstchannel: Destination channel if appropriate (80 characters) 
*   lastapp: Last application if appropriate (80 characters) 
*   lastdata: Last application data (arguments) (80 characters) 
*   start: Start of call (date/time) 
*   answer: Answer of call (date/time) 
*   end: End of call (date/time) 
*   duration: Total time in system, in seconds (integer) 
*   billsec: Total time call is up, in seconds (integer) 
*   disposition: What happened to the call: ANSWERED, NO ANSWER, BUSY, 
    FAILED 
*   amaflags: What flags to use: see amaflags::DOCUMENTATION, BILL, IGNORE 
    etc, specified on a per channel basis like accountcode. 
You will want to see if there are any "peculiar" src fields on your international calls (dst).
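
Added example, not part of the original message: a Python sketch of the check suggested above. It reads Master.csv rows in the field order listed, keeps the international destinations, and groups them by src, originating peer and context. The dial prefixes and the sample rows are assumptions constructed for illustration.

```python
import csv
from collections import defaultdict

# Column order as given in the field list above (Master.csv has no header row).
FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
          "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
          "duration", "billsec", "disposition", "amaflags"]

# Assumption: international calls on this system are dialed with these prefixes.
INTL_PREFIXES = ("011", "00")

# Constructed sample rows (not real CDR data) in cdr-csv layout.
SAMPLE = '''\
"","1001","5551234","internal","""Front"" <1001>","SIP/1001-00000001","SIP/trunk-00000002","Dial","SIP/trunk/5551234","2010-11-19 09:02:11","2010-11-19 09:02:20","2010-11-19 09:05:00",169,160,"ANSWERED","DOCUMENTATION"
"","1005","0119990000001","internal","1005","SIP/1005-00000003","SIP/trunk-00000004","Dial","SIP/trunk/0119990000001","2010-11-20 02:14:07","2010-11-20 02:14:15","2010-11-20 02:24:15",608,600,"ANSWERED","DOCUMENTATION"
"","1005","0119990000002","internal","1005","SIP/1005-00000005","SIP/trunk-00000006","Dial","SIP/trunk/0119990000002","2010-11-20 02:31:40","2010-11-20 02:31:50","2010-11-20 02:51:50",1210,1200,"ANSWERED","DOCUMENTATION"
"","1001","0119990000003","internal","""Front"" <1001>","SIP/1001-00000007","SIP/trunk-00000008","Dial","SIP/trunk/0119990000003","2010-11-19 14:00:00","2010-11-19 14:00:05","2010-11-19 14:01:05",65,60,"ANSWERED","DOCUMENTATION"
'''

def international_calls(lines, prefixes=INTL_PREFIXES):
    """Yield one dict per CDR row whose dst starts with an international prefix."""
    for row in csv.reader(lines):
        if len(row) < len(FIELDS):
            continue  # skip blank or truncated lines
        rec = dict(zip(FIELDS, row))  # extra trailing columns are ignored
        if rec["dst"].startswith(prefixes):
            yield rec

def summarize_by_source(lines, prefixes=INTL_PREFIXES):
    """Group international calls by (src, peer, dcontext); total calls and billsec."""
    totals = defaultdict(lambda: {"calls": 0, "billsec": 0, "first": None, "last": None})
    for rec in international_calls(lines, prefixes):
        # "SIP/1005-00000003" -> "SIP/1005": the peer that placed the call
        peer = rec["channel"].rsplit("-", 1)[0]
        t = totals[(rec["src"], peer, rec["dcontext"])]
        t["calls"] += 1
        t["billsec"] += int(rec["billsec"] or 0)
        t["first"] = min(filter(None, (t["first"], rec["start"])))
        t["last"] = max(filter(None, (t["last"], rec["start"])))
    return dict(totals)

if __name__ == "__main__":
    for key, t in sorted(summarize_by_source(SAMPLE.splitlines()).items()):
        print(key, t)
```

To run it against the real file, pass `open("/var/log/asterisk/cdr-csv/Master.csv", newline="")` instead of the sample lines. A src, peer or time window you do not recognise in the summary is the "peculiar" entry to look at first.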
