All- Recently an Asterisk server we host was hacked and used to route some unauthorized calls. We have since improved our security measures, including installation of fail2ban.
The interesting thing is the way in which this was discovered. The unauthorized calls were occurring intermittently last Thurs evening thru Sat morning. On Sat morning, some of our employees were attempting to log-in remotely to a company e-mail server and one found that his provider, Verizon, had blocked the server static IP. My question: do carriers build some type of "internal blacklist" if they detect unusual VoIP calling patterns? And possibly trade that between themselves, for example one carrier detects it, and after some time other carriers are aware? The carrier was used for the unauthorized calls is Tata... I'm curious as to why Verizon (evidently) knew before Tata. -Jeff PS. Interesting footnote: upon learning of the Verizon block, one of our employees drove to the lab and disconnected the VoIP subnet (with the Asterisk box), reset some routers, etc in an attempt to get the company remote e-mail working again. He didn't know it at the time, but in so doing, he cut off the hackers "in mid call" (hehe) and saved a bunch of $$. -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
