similar to: Investigating international calls fraud

You don't mention if the phone is remote, or local. Although you do mention it had a default user/pass. If the UI of the phone was/is accessible from the I'net, the GUI does have the ability to place a call from it, that is one way the calls could have been placed. From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Steven

On 29 Jan 2015, at 11:07, Administrator TOOTAI wrote: > Le 28/01/2015 22:03, Steven McCann a ?crit : >> Hello, > > Hi > >> >> I'm investigating a situation where there was a hundreds of minutes >> of >> calls from an internal SIP extension to an 855 number in Cambodia, >> resulting in a crazy ($25,000+) bill from the phone company. I'm

Do you have DISA setup? We're seeing lots of attackers running scripts that send digits until they strike a DISA, misconfigured mailbox, etc. (Assuming it wasn't a stupid employee forwarding an inbound call to a 9xxxxxxx number etc). Have a look at SecAst (www.generationd.com) - it detects callers sending too many digits, monitors digit dialing speeds, etc. to help identify and block

I?ve seen the following exploits of Asterisk / FreePBX boxes: 1) Default PlcmSpIp username and password for Polycom provisioning 2) Insecure SIP usernames and secrets 3) FreePBX GUI accessable from the internet 4) OS remote exploit (maybe ssh/ssl exploit) Mitigation options: 1) Don?t use an easy to guess or default password on provisioning servers. 2) Use secure secrets. Users never

Hmm the calls are made during the day (and sometimes very early in the morning). Right now it looks like someone actually made these calls. If that is the case it's somewhat comforting to know the system wasn't compromised. However, the $25,000 phone bill still remains. Yikes. $6.25 per minute to Cambodia seems quite steep to me. On Wed, Jan 28, 2015 at 6:07 PM, Duncan Turnbull <duncan

Le 28/01/2015 22:03, Steven McCann a ?crit : > Hello, Hi > > I'm investigating a situation where there was a hundreds of minutes of > calls from an internal SIP extension to an 855 number in Cambodia, > resulting in a crazy ($25,000+) bill from the phone company. I'm > investigating, but can anyone provide some feedback on what's happened > here? I'm

> Hmm the calls are made during the day (and sometimes very early in the > morning). Right now it looks like someone actually made these calls. If > that is the case it's somewhat comforting to know the system wasn't > compromised. However, the $25,000 phone bill still remains. Yikes. $6.25 > per minute to Cambodia seems quite steep to me. Since the Mitel had a default

Did you have a look at the phone it self already? Is call forwarding activated or something and can you call the phone/extension from externally? I have seen this in the past where an employee enabled call forwarding on the phone and once at home he or family called the phone which forwarded the call to abroad. Good luck. Michel. Op 29-01-15 om 12:51 schreef dk at donkelly.biz: > It's

It's very unlikely that this was an employee calling Mom for 66 hours (I'm assuming these calls appeared on a single bill). It's also unlikely that someone "inside" would benefit financially from making these calls. (Follow the money!) Don't discount the possibility that you've overlooked something in the firewall. Meanwhile, does the client need to do international

Hi, Embarrassed as I am to write this, I am hoping for some advice. One of our very first PBX installs, now six years old, was "taken advantage of" over the past few weeks. A victim of sipvicious, I assume, that managed to guess one of the SIP passwords. 4000 calls to various middle eastern destinations have been placed, which ended up being sent over our customer's PSTN

Hi, I have a client using Mitel 5212 phones in SIP mode with a 1.4.21.1 Asterisk server (and a couple of previous 1.4 versions). They're mostly happy with the combination except for this one issue. For incoming calls only, either originating from other local SIP phones or from a PRI, calls won't get bridged (remote party get's hung up) if the call is answer too quickly on the

hello everyone. i am concerned about security to the PBX and i would like to discuss different fraud detection methods. Apart from making everything to secure the PBX (latest patches, iptables, firewalls, no outside users, strongs passwds,...) i would like to find out if there are any fraud detection techniques. As for my setup i do have a PBX running asterisk 11.4 and it has 3 sip trunks (over

Is anybody using Mitel phones? It appears that when you page a Mitel phone using asterisk's MeetMe, the paged phone will hang up the call its on to take the page. Thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110621/764a6fa9/attachment.htm>

Hello All, I will like to configure Asterisk to use PIN Code for all outgoing international calls. Also, any suggestions as to when should I prompt users for code prior to dialing the number or after dialing the number? can someone provide with a example on how to accomplish this goal? I am a bit confuse by this :

I worked on some ad data before and I found NYT article very biaised and not far from a fraud... Anyone knows if they got money from a - company - to play 'R'? Check out the title: R U Ready for R? Seems to me this title was stolen from XLSolutions www.xlsolutions-corp.com and they never mentioned XLSolutions in the article! They mentioned commercial R....never mentioned

A SipPulse acaba de liberar o TFPS (www.tfps.co), solu??o para combate a fraudes de fomento de tr?fego internacional em telefonia. O sistema ? capaz de detectar 99.99% das tentaivas de fraude em tempo real. Durante o Webinar, abordaremos como proteger servidores Asterisk e Elastix/FreePBX de fraudes, medidas basicas como configura??o de firewall e remo??o de servi?os desnecess?rios e em seguida

Hi, Some days ago I spent about US$700,00 in a Tormenta III board in www.govarion.com. I used credit card. I didn't receive any answer for my emails and there is no telephone number to contact them.. Now, I'd like to cancel this order, because I couldn?t wait so long, and my credit card was billed. Is www.govarion.com a fraud ???? Does anybody know something about them ?? Thanks.

We have a FreePBX-12 / Asterisk-12 setup that supports about 24 extensions, most internal Snom870s but six or so external (Jitsi-2.8). we use TLS and SRTP everywhere on our side of the fence. The server host is a dedicated atom(tm) box using the FreePBX distro (CentOS-6.x) and is up-to-date. Registrations require very long random passwords and registrable devices are further restricted by

hi, i have strange problem with call-limit/groupcount limiting. i set up limit of 2 calls. i'm using both methods but a for few times i have problem with successfull fraud with more calls than 2 asterisk is 1.8.22 someone with the same problem? any ideas how to solve or debug this problem? -- --------------------------------------- Marek =======================================

On Thu, March 26, 2015 22:29, Michelle Dupuis wrote: > You have to consider whether you really want "anonymous" calls, or you > just want to enable SIP calls from trusted companies/partners. The > latter means setting up routes to these companies and (ideally) > registration between peers. > This is what I am trying to get a handle on. It seemed to me that the promise