[asterisk-users] Investigating international calls fraud

Administrator TOOTAI admin at tootai.net
Wed Jan 28 16:07:36 CST 2015


Le 28/01/2015 22:03, Steven McCann a écrit :
> Hello,

Hi

>
> I'm investigating a situation where there was a hundreds of minutes of
> calls from an internal SIP extension to an 855 number in Cambodia,
> resulting in a crazy ($25,000+) bill from the phone company. I'm
> investigating, but can anyone provide some feedback on what's happened
> here? I'm investigating how this happened as well as what types of
> arrangements can be made with the phone company (CenturyLink in Texas).
>
> Some details:
> * PBX is located in Texas
> * Phone carrier is CenturyLink
> * FreePBX distro running asterisk 1.8.14
> * source SIP extension is Mitel 5212, firmware 08.00.00.04, default
> admin password (argh!). Phone is used by many different people.
>
> More PBX setting details:
> * inbound SIP traffic is not allowed through the firewall
> * internal network is not accessed by many
> * FreePBX web interface
>
> *Questions I have at this moment:*
> 1) how were the calls placed? Was the Mitel SIP phone hacked somehow?
> Asterisk PBX?

Check your logs. In the full log with verbosity 3 you can follow how 
calls were treated. Also the CDR should give you informations like the 
extension(s) who placed those calls

[...]

-- 
Daniel



More information about the asterisk-users mailing list