Hi All, I hope everyone is having a good break ! If anyone out there has had any of their customers PBX's hacked recently (in the last 2 - 3 weeks) and have experienced a large call flow to say Somalia or some other dodgy destination id be keen to hear from you, I'm after the destination numbers they are dialling. replies off list would be great. cheers davey
The first time it happened was a real eye opener for me - happened three times before I figured out exactly how they were doing it, so we changed our processes. Though we had this come from a subscriber the other day - was a via a pbx set up by a local telephone technician One thing we are doing now is enabling an international toll bar with pin override on our lines by default so that if any hackers do get in, they cannot call anywhere of interest. Sort of as a very last line of defence. I am a big fan of using IAX instead of SIP where possible so that port forwards are not needed and the client PBX can be behind a NAT firewall. Search Results Destination Description Status Date Time Duration 18304338004 Texas USA No answer 17/12/13 13:07:28 0:00:00 18304338004 Texas USA No answer 17/12/13 13:10:03 0:00:00 18304338004 Texas USA No answer 17/12/13 13:11:07 0:00:00 381608332587 VIP Serbia Mobile Ok 17/12/13 13:12:53 0:01:22 381608332587 VIP Serbia Mobile Ok 17/12/13 13:12:51 0:01:25 381608332587 VIP Serbia Mobile Ok 17/12/13 13:12:53 0:01:26 381608332587 VIP Serbia Mobile Ok 17/12/13 13:12:53 0:01:27 381608332587 VIP Serbia Mobile Ok 17/12/13 13:12:53 0:01:29 381608332587 VIP Serbia Mobile Ok 17/12/13 13:14:29 0:02:53 8818370077 Globalstar Global Mobile Ok 17/12/13 13:20:28 0:00:11 8819370067 Globalstar Global Mobile Ok 17/12/13 13:21:07 0:00:15 881844110449 Globalstar Global Mobile Ok 17/12/13 13:21:38 0:00:14 881842011231 Globalstar Global Mobile Ok 17/12/13 13:22:07 0:00:17 88193771250 Globalstar Global Mobile Ok 17/12/13 13:22:41 0:00:11 88213090610 EMSAT Global Mobile Ok 17/12/13 13:23:08 0:00:05 88213090616 EMSAT Global Mobile Ok 17/12/13 13:23:33 0:00:10 88213300111 EMSAT Global Mobile Ok 17/12/13 13:24:02 0:00:08 881935212100 Globalstar Global Mobile Ok 17/12/13 13:25:48 0:00:10 881945110100 Globalstar Global Mobile Ok 17/12/13 13:26:13 0:00:18 881842011300 Globalstar Global Mobile Ok 17/12/13 13:26:47 0:00:05 88241441350 882 Global Mobile Ok 17/12/13 13:32:54 0:00:29 Ray Taylor Taylor Communications ray(a)ruralkiwi.com Ph 021-483-280 Network status 06-929-9082 Description: header_logo From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Davey Goode Sent: Saturday, 28 December 2013 9:56 a.m. To: NZNOG List Subject: [nznog] Fraud Calls Hi All, I hope everyone is having a good break ! If anyone out there has had any of their customers PBX's hacked recently (in the last 2 - 3 weeks) and have experienced a large call flow to say Somalia or some other dodgy destination id be keen to hear from you, I'm after the destination numbers they are dialling. replies off list would be great. cheers davey
We have spammers/hackers trying to call everything from 111 to 911 to Iran, Iraq and International china phone numbers. We ca On Saturday, December 28, 2013, Ray Taylor wrote:
The first time it happened was a real eye opener for me – happened three times before I figured out exactly how they were doing it, so we changed our processes.
Though we had this come from a subscriber the other day – was a via a pbx set up by a local telephone technician
One thing we are doing now is enabling an international toll bar with pin override on our lines by default so that if any hackers do get in, they cannot call anywhere of interest. Sort of as a very last line of defence.
I am a big fan of using IAX instead of SIP where possible so that port forwards are not needed and the client PBX can be behind a NAT firewall.
Search Results
*Destination*
*Description*
*Status*
*Date*
*Time*
*Duration*
18304338004
Texas USA
No answer
17/12/13
13:07:28
0:00:00
18304338004
Texas USA
No answer
17/12/13
13:10:03
0:00:00
18304338004
Texas USA
No answer
17/12/13
13:11:07
0:00:00
381608332587
VIP Serbia Mobile
Ok
17/12/13
13:12:53
0:01:22
381608332587
VIP Serbia Mobile
Ok
17/12/13
13:12:51
0:01:25
381608332587
VIP Serbia Mobile
Ok
17/12/13
13:12:53
0:01:26
381608332587
VIP Serbia Mobile
Ok
17/12/13
13:12:53
0:01:27
381608332587
VIP Serbia Mobile
Ok
17/12/13
13:12:53
0:01:29
381608332587
VIP Serbia Mobile
Ok
17/12/13
13:14:29
0:02:53
8818370077
Globalstar Global Mobile
Ok
17/12/13
Hi All,
I hope everyone is having a good break !
If anyone out there has had any of their customers PBX's hacked recently (in the last 2 - 3 weeks) and have experienced a large call flow to say Somalia or some other dodgy destination id be keen to hear from you, I'm after the destination numbers they are dialling.
replies off list would be great.
cheers
davey
-- Thanks Christoph
participants (3)
-
Christoph Berthoud
-
Davey Goode
-
Ray Taylor