I would like to know about that Chile destination. always start here: http://www.spamhaus.org/drop/
~ Andrew "lathama" Latham [email protected] * Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software * Learn more about Linux http://en.wikipedia.org/wiki/Linux * Learn more about Tux http://en.wikipedia.org/wiki/Tux On Fri, Oct 15, 2010 at 12:50 PM, Jeff LaCoursiere <[email protected]> wrote: > On Fri, 2010-10-15 at 11:20 -0400, Steve Totaro wrote: > >> This is nothing new. Trunk to trunk transfers and other exploits >> could be used on old school phone systems to do the same thing. >> >> I would start with getting the current balance, if over $10k call the >> FBI, call them anyways, it couldn't hurt. You want the Feds to check >> things out before local police if possible. >> >> Gather as much info as possible, along with police and FBI case >> numbers and then call the carrier and see what can be done. >> >> A friend of mine took what was supposed to be my one month rotation to >> Iraq. I had too much going on to be in Iraq for a month and a half >> and had taken the last rotation so it wasn't even my turn. >> >> The phone bill came for his cell (company provided on Asia Cell) for >> $4k in just a couple weeks. It turns out that he was not using the >> cell and one of the cleaning people stole his SIM. >> >> After contacting Asia Cell a few times about the matter, they credited >> the whole amount back. So you never know. >> >> As for security, I assume you need to allow these extensions to >> register from outside the LAN? If not, then only allow them to >> register via a LAN IP, I would do it with iptables, only allow the >> provider IP through. >> >> I am curious what your user:pass was? something like 1000:1000, I see >> many systems setup like this and am surprised they haven't been hit >> yet. >> >> In the future, you could use a scheme that makes it much more secure >> and also pretty easy to maintain. >> >> The username could be the MAC and the pass could be the serial number >> or asset tags if you use them. >> >> I know there must be dozens of people reading this that have had the >> same issue but are embarrassed to speak up. >> > > Thanks Steve - that is the kind of advice I was looking for. I'm > willing to take my lumps for the weak passwords on those accounts, and > the lack of any filtering. I do understand the issues and the steps I > need to take to better secure the switches in service, and just need to > get off my a$$ and do it. > > Mainly I am hoping to hear from someone who has gone through the > aftermath - as you mention above. So far I have had a discussion with > the carrier who is "opening an investigation". I'll contact the FBI > today as well. I'll send an update when this is all over for posterity. > > >> (BTW Sierra Leone is in West Africa, not the Middle East.) >> > > True ;) Most of the calls were Iraq, UAE, Lebanon... Found another one > today that was 2.5 DAYS long to Chile. Bizarre. > > j > > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
