Yes, they must be hacked. Although no calls were placed through the trunk, weird.
On Fri, Feb 27, 2015 at 9:44 AM, Tim Reichhart <[email protected]> wrote: > TJ > > After looking up that dst ip: > https://www.google.com/search?q=http%3A%2F%2Fwww.poneytelcom.eu%2F&ie=utf-8&oe=utf-8 > > > > Why would your customer using ip’s to London for sip calling unless there > pbx got hacked. > > > > Tim > > > > *From:* Af [mailto:[email protected]] *On Behalf Of *Tim Reichhart > *Sent:* Friday, February 27, 2015 12:30 PM > *To:* [email protected] > *Subject:* Re: [AFMUG] PBX gone crazy? PBX ddos? > > > > TJ > > What kind of ip pbx are they using? Also are they doing the HD calling > because some IP pbxs allow you to add that G.711 code in it. > > > > > Tim > > > > *From:* Af [mailto:[email protected]] *On Behalf Of *TJ Trout > *Sent:* Friday, February 27, 2015 12:19 PM > *To:* [email protected] > *Subject:* [AFMUG] PBX gone crazy? PBX ddos? > > > > I have a customer with a IP PBX that all of the sudden is using 100% of > their available upload and download capacity, when I torch them it shows as > 4 sip connections but using way more bandwidth than a regular sip > connection? > > > > http://s7.postimg.org/qy3n03ljv/Untitled.png > > > > Anyone ever seen something like this? >
