[asterisk-users] do carriers detect unusual / unauthorized VoIP calling patterns?
Jeff Brower
jbrower at signalogic.com
Fri Sep 17 12:10:11 CDT 2010
All-
Recently an Asterisk server we host was hacked and used to route some unauthorized calls. We have since improved our
security measures, including installation of fail2ban.
The interesting thing is the way in which this was discovered. The unauthorized calls were occurring intermittently
last Thurs evening thru Sat morning. On Sat morning, some of our employees were attempting to log-in remotely to a
company e-mail server and one found that his provider, Verizon, had blocked the server static IP.
My question: do carriers build some type of "internal blacklist" if they detect unusual VoIP calling patterns? And
possibly trade that between themselves, for example one carrier detects it, and after some time other carriers are
aware? The carrier was used for the unauthorized calls is Tata... I'm curious as to why Verizon (evidently) knew
before Tata.
-Jeff
PS. Interesting footnote: upon learning of the Verizon block, one of our employees drove to the lab and disconnected
the VoIP subnet (with the Asterisk box), reset some routers, etc in an attempt to get the company remote e-mail
working again. He didn't know it at the time, but in so doing, he cut off the hackers "in mid call" (hehe) and saved
a bunch of $$.
More information about the asterisk-users
mailing list