I always thought it'll never happen to me and I'm glad it didn't happen to a customer just to me. My asterisk that I use for both my business and light testing doesn't have SIP 5060 accessible from the Internet usually. I'm therefore not that careful when creating SIP accounts for testing to tighten the password. 2 weeks ago during troubleshooting something I forwarded 5060 to my asterisk box and forgot to disable it. This morning I logged in to troubleshoot some stupidity, at which point I noticed phone calls flying thru my system. I checked and found: * Port 5060 is still open * Some stupid sip friend I created for testing purposes about 3 years ago still existed, the settings were: 122 secret/122 that was used in the * Checked my CDRs and realized they made 479 calls the first one being at 2/26/2009 14:41. * I realized I'm lucky and they only robbed me $1.91, yes total billable seconds only came to $1.91. * The phone numbers they were calling were consecutive order in a specific NPA-NXX
I listened in on the calls (chan_spy) and was able to figure out it was some scam to get personal info. Whats really bothers me is that since they couldn't actually access my box - just SIP credentials - they were using the default internal DP which gave my CallerID. I'm expecting some phone calls from some angry people :P The IP address is: 88.151.100.167 I know it's totally my fault and I'm extremely lucky to have caught them so early. _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
