So I made a firewall rule to drop any traffic going to and from the subnet that was attacking them. It stopped LAN traffic, but it's still saturating the WAN, so I moved the rule from the customer's firewall to my core router. No other way unless I have my upstream null it? I guess the best solution is to find out the networks the SIP provider uses and whitelist those and block everything else?

On Feb 27, 2015 11:06 AM, "That One Guy" <[email protected]> wrote:
> People don't take phone security seriously enough, until they get the bills
> for the overseas calls.
>
> On Fri, Feb 27, 2015 at 12:33 PM, Tim Reichhart <[email protected]> wrote:
>
>> This is why you want to run your PBX under a hard firewall. They do make one
>> small firewall just for PBX:
>> http://www.pikatechnologies.com/english/view.asp?x=1294
>>
>> Tim
>>
>> *From:* Af [mailto:[email protected]] *On Behalf Of* That One Guy
>> *Sent:* Friday, February 27, 2015 1:22 PM
>> *To:* [email protected]
>> *Subject:* Re: [AFMUG] PBX gone crazy? PBX ddos?
>> *Importance:* Low
>>
>> We have been seeing a lot of PBX malicious activity lately, Panasonic in
>> particular.
>>
>> On Fri, Feb 27, 2015 at 12:02 PM, TJ Trout <[email protected]> wrote:
>>
>> Yes, they must be hacked. Although no calls were placed through the
>> trunk, weird.
>>
>> On Fri, Feb 27, 2015 at 9:44 AM, Tim Reichhart <[email protected]> wrote:
>>
>> TJ
>>
>> After looking up that dst IP:
>> https://www.google.com/search?q=http%3A%2F%2Fwww.poneytelcom.eu%2F&ie=utf-8&oe=utf-8
>>
>> Why would your customer be using IPs to London for SIP calling unless their
>> PBX got hacked?
>>
>> Tim
>>
>> *From:* Af [mailto:[email protected]] *On Behalf Of* Tim Reichhart
>> *Sent:* Friday, February 27, 2015 12:30 PM
>> *To:* [email protected]
>> *Subject:* Re: [AFMUG] PBX gone crazy? PBX ddos?
>>
>> TJ
>>
>> What kind of IP PBX are they using? Also are they doing the HD calling,
>> because some IP PBXs allow you to add that G.711 code in it.
>>
>> Tim
>>
>> *From:* Af [mailto:[email protected]] *On Behalf Of* TJ Trout
>> *Sent:* Friday, February 27, 2015 12:19 PM
>> *To:* [email protected]
>> *Subject:* [AFMUG] PBX gone crazy? PBX ddos?
>>
>> I have a customer with an IP PBX that all of a sudden is using 100% of
>> their available upload and download capacity. When I torch them it shows as
>> 4 SIP connections but using way more bandwidth than a regular SIP
>> connection?
>>
>> http://s7.postimg.org/qy3n03ljv/Untitled.png
>>
>> Anyone ever seen something like this?
>>
>> --
>>
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
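
An added example, not part of the thread: the provider-allowlist idea from the top message can be dry-run against flow records before a default-deny rule goes in, to see which peers of the PBX it would cut off and how much traffic each one carries. The PBX address, provider networks and flow records below are constructed placeholders from documentation ranges, and the record layout is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed values (documentation ranges), not taken from the thread.
PBX = ipaddress.ip_address("198.51.100.10")
PROVIDER_NETS = [ipaddress.ip_network(n)
                 for n in ("192.0.2.0/27", "203.0.113.64/28")]

# Constructed flow records: (src, dst, protocol, dst_port, bytes)
FLOWS = [
    ("198.51.100.10", "192.0.2.5", "udp", 5060, 4_200),
    ("192.0.2.5", "198.51.100.10", "udp", 5060, 3_900),
    ("192.0.2.20", "198.51.100.10", "udp", 16384, 850_000),
    ("203.0.113.200", "198.51.100.10", "udp", 5060, 912_000_000),
    ("198.51.100.10", "203.0.113.200", "udp", 5060, 640_000_000),
    ("203.0.113.70", "198.51.100.10", "udp", 5060, 2_100),
    ("10.0.0.7", "10.0.0.9", "tcp", 443, 1_000),  # does not involve the PBX
]

def is_allowed(peer):
    """True if the peer address falls inside any provider network."""
    return any(peer in net for net in PROVIDER_NETS)

def classify(flows, pbx=PBX):
    """Return (allowed_bytes, {unlisted_peer: bytes}) for flows touching the PBX."""
    allowed = 0
    unlisted = defaultdict(int)
    for src, dst, _proto, _port, nbytes in flows:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if pbx not in (src_ip, dst_ip):
            continue  # traffic between other hosts is out of scope
        peer = dst_ip if src_ip == pbx else src_ip
        if is_allowed(peer):
            allowed += nbytes
        else:
            unlisted[str(peer)] += nbytes
    return allowed, dict(unlisted)

def block_candidates(flows):
    """Peers a default-deny allowlist would drop, largest talker first."""
    _, unlisted = classify(flows)
    return sorted(unlisted.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    allowed, _ = classify(FLOWS)
    print("bytes to/from provider networks:", allowed)
    for peer, nbytes in block_candidates(FLOWS):
        print("not on allowlist:", peer, nbytes)
```

Any peer this reports that turns out to be a legitimate trunk or remote phone needs adding to the allowlist before the rule is enforced.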
