On Fri, 2010-10-15 at 11:20 -0400, Steve Totaro wrote:
> This is nothing new. Trunk to trunk transfers and other exploits
> could be used on old school phone systems to do the same thing.
>
> I would start with getting the current balance, if over $10k call the
> FBI, call them anyways, it couldn't hurt. You want the Feds to check
> things out before local police if possible.
>
> Gather as much info as possible, along with police and FBI case
> numbers and then call the carrier and see what can be done.
>
> A friend of mine took what was supposed to be my one month rotation to
> Iraq. I had too much going on to be in Iraq for a month and a half
> and had taken the last rotation so it wasn't even my turn.
>
> The phone bill came for his cell (company provided on Asia Cell) for
> $4k in just a couple weeks. It turns out that he was not using the
> cell and one of the cleaning people stole his SIM.
>
> After contacting Asia Cell a few times about the matter, they credited
> the whole amount back. So you never know.
>
> As for security, I assume you need to allow these extensions to
> register from outside the LAN? If not, then only allow them to
> register via a LAN IP, I would do it with iptables, only allow the
> provider IP through.
>
> I am curious what your user:pass was? Something like 1000:1000, I see
> many systems set up like this and am surprised they haven't been hit
> yet.
>
> In the future, you could use a scheme that makes it much more secure
> and also pretty easy to maintain.
>
> The username could be the MAC and the pass could be the serial number
> or asset tags if you use them.
>
> I know there must be dozens of people reading this that have had the
> same issue but are embarrassed to speak up.
>

Thanks Steve - that is the kind of advice I was looking for. I'm willing to take my lumps for the weak passwords on those accounts, and the lack of any filtering. I do understand the issues and the steps I need to take to better secure the switches in service, and just need to get off my a$$ and do it.

Mainly I am hoping to hear from someone who has gone through the aftermath - as you mention above. So far I have had a discussion with the carrier who is "opening an investigation". I'll contact the FBI today as well. I'll send an update when this is all over for posterity.

> (BTW Sierra Leone is in West Africa, not the Middle East.)
>

True ;) Most of the calls were Iraq, UAE, Lebanon... Found another one today that was 2.5 DAYS long to Chile. Bizarre.

j
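
The two hardening points raised in the quoted message (extension credentials like 1000:1000, and limiting where extensions may register from) can be audited in a chan_sip `sip.conf`. The following is an added example, not code from this thread: the sample config is constructed, the length threshold is an assumed policy value, and it checks Asterisk's per-peer `permit`/`deny` options as a config-level counterpart to the iptables filtering suggested above.

```python
import configparser

# Constructed sample sip.conf (not from the thread).
SAMPLE_SIP_CONF = """
[1000]
type=friend
host=dynamic
secret=1000

[1001]
type=friend
host=dynamic
secret=Vq7-pL2x9TgR4m
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0

[1002]
type=friend
host=dynamic
secret=482913
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
"""

MIN_SECRET_LEN = 12  # assumed policy threshold, not an Asterisk default

def audit_sip_conf(text):
    """Return {peer: [findings]} for weak secrets and missing permit/deny ACLs."""
    # configparser is a simplification: templates and #include are not handled.
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   comment_prefixes=(";",))
    cp.read_string(text)
    report = {}
    for peer in cp.sections():
        opts = cp[peer]
        if opts.get("type") not in ("friend", "peer", "user"):
            continue  # skips [general] and other non-account sections
        secret, findings = opts.get("secret", ""), []
        if not secret:
            findings.append("no secret")
        elif secret == peer:
            findings.append("secret equals username")
        elif secret.isdigit() or len(secret) < MIN_SECRET_LEN:
            findings.append("short or digits-only secret")
        if "permit" not in opts or "deny" not in opts:
            findings.append("no permit/deny ACL")
        if findings:
            report[peer] = findings
    return report
```
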