I see a lot of attempts by hackers to call 00972595301123? or 011972595115207? or variations but that same 972595 is often present. Can someone break down that dial string with an explanation? The 011 look like an overseas call (from Americas), while the 972595XXXXXX is unclear... -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140326/3816db88/attachment.html>
972 is Israel See: http://en.wikipedia.org/wiki/List_of_country_calling_codes#Ordered_by_code -----Original Message----- From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Michelle Dupuis Sent: Wednesday, March 26, 2014 11:05 AM To: Asterisk Users List Subject: [asterisk-users] Numbers hackers call I see a lot of attempts by hackers to call 00972595301123? or 011972595115207? or variations but that same 972595 is often present. Can someone break down that dial string with an explanation? The 011 look like an overseas call (from Americas), while the 972595XXXXXX is unclear...
On 03/26/2014 10:05 AM, Michelle Dupuis wrote:> > I see a lot of attempts by hackers to call > 00972595301123or 011972595115207 or variations but that same 972595 is > often present. > > > Can someone break down that dial string with an explanation? The 011 > look like an overseas call (from Americas), while the 972595XXXXXX is > unclear... > > >I show that as "Israel Cellular Jawall". j -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140326/8ac30eca/attachment.html>
Hi The 11 bit is them thinking there's some prefix which will cause your PBX to become an open relay. The number (97259) is a Palestine Mobile number. These's a lot of hacking attempts coming from Palestine and this type of number probably has some revenue generation properties to it. Regards Ish On 26 March 2014 15:05, Michelle Dupuis <mdupuis at ocg.ca> wrote:> I see a lot of attempts by hackers to call 00972595301123 or > 011972595115207 or variations but that same 972595 is often present. > > > Can someone break down that dial string with an explanation? The 011 > look like an overseas call (from Americas), while the 972595XXXXXX is > unclear... > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >-- Ishfaq Malik Department: VOIP Support Company: Packnet Limited t: +44 (0)845 004 4994 f: +44 (0)161 660 9825 e: ish at pack-net.co.uk w: http://www.pack-net.co.uk Registered Address: PACKNET LIMITED, Duplex 2, Ducie House 37 Ducie Street Manchester, M1 2JW COMPANY REG NO. 04920552 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140326/e6ad4f81/attachment-0001.html>
http://en.wikipedia.org/wiki/Telephone_numbers_in_Israel Looks like it a mobile in Palestine - sure someone from Israel can tell us more.... 2014-03-26 16:05 GMT+01:00 Michelle Dupuis <mdupuis at ocg.ca>:> I see a lot of attempts by hackers to call 00972595301123 or 011972595115207 > or variations but that same 972595 is often present. > > > Can someone break down that dial string with an explanation? The 011 look > like an overseas call (from Americas), while the 972595XXXXXX is unclear... > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users-- Loway - home of QueueMetrics - http://queuemetrics.com Try the WombatDialer auto-dialer @ http://wombatdialer.com
On 26 Mar 2014, at 15:05, Michelle Dupuis <mdupuis at ocg.ca> wrote:> I see a lot of attempts by hackers to call 00972595301123? or 011972595115207? or variations but that same 972595 is often present. > > Can someone break down that dial string with an explanation? The 011 look like an overseas call (from Americas), while the 972595XXXXXX is unclear...It?s an international call to +972595XXXXXX, tried with the 00, 001 and no prefix What is confusing? Steve -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140326/c824dc1a/attachment.html>
On 03/26/2014 05:05 PM, Michelle Dupuis wrote:> I see a lot of attempts by hackers to call 00972595301123? > or 011972595115207? or variations but that same 972595 is often present. > > > Can someone break down that dial string with an explanation? The 011 > look like an overseas call (from Americas), while the 972595XXXXXX is > unclear...Those lame hacking attempts aren't the big issue - unless you have an insecure SIP-PBX. Germany just got hit with a wave of hacks of Fritz!Box home routers with integrated SIP, causing hundreds of thousands in damage. The big issue is that the ISPs worldwide don't give a crap about complaints! And that's not only some backwater-ISPs in some 3rd world countries! It's mainly the big names, like Hetzner, L3, etc. who - oh well, yeah - send you an autoreply but in the end don't bother doing anything. Just recently was an article, again in a German IT-newsticker, about Hetzner's "abuse handling". They just forward the complaint to their customer, including full contact data - which is pretty much illegal (privacy protection, etc.) - but they don't follow up. I got so fed up that I now put the top 20 of attacking IPs to my website... Current top 5: 1. iWeb (Canada) 2. Level 3 (USA) 3. Dacom (S-Korea) 4. Intergenia (Germany) 5. OVH (France) See http://stefan.gofferje.net/it-stuff/sipfraud Really, if everybody would run statistics on attacks and publish them, those ISPs would pretty quickly not only start reacting to fouled servers but probably start monitoring proactively because being in the top 20 of attacker-IPs ain't good for their reputation... -S -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4079 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140327/5c8ebcbe/attachment.bin>