We took a pretty nasty hit one time; a system administrator didn't listen to us about changing the passwords. Luckily they took part of the blame in that, and we split the 1800$ it cost us in half. We could have changed them, and she didn't change them, so we were both at fault.
Like said previously, fail2ban is a pretty good start. Weak secrets definitely don't help.

An interesting project to look into and I'm working with right now, I've got a honeypot set up in the wild, but haven't gotten anything really worthwhile yet...

http://www.infiltrated.net/voipabuse/defensive.html

I'd also suggest, if you don't *have* to have international dialing on the trunk, turn it off, put a pin on it, or just send it to a dummy trunk that doesn't do anything or route anywhere.

I really hope this helps, and best of luck with cleaning up from the aftermath. I know ours was a pretty good wake up call to us to really start locking things down.

I know it's lame, but from Network Security Hacks:

Security isn't a noun, it's a verb; not a product, but a process

--Matt

On Fri, Oct 15, 2010 at 11:50 AM, Jeff LaCoursiere <[email protected]> wrote:

> On Fri, 2010-10-15 at 11:20 -0400, Steve Totaro wrote:
>
> > This is nothing new. Trunk to trunk transfers and other exploits
> > could be used on old school phone systems to do the same thing.
> >
> > I would start with getting the current balance, if over $10k call the
> > FBI, call them anyways, it couldn't hurt. You want the Feds to check
> > things out before local police if possible.
> >
> > Gather as much info as possible, along with police and FBI case
> > numbers and then call the carrier and see what can be done.
> >
> > A friend of mine took what was supposed to be my one month rotation to
> > Iraq. I had too much going on to be in Iraq for a month and a half
> > and had taken the last rotation so it wasn't even my turn.
> >
> > The phone bill came for his cell (company provided on Asia Cell) for
> > $4k in just a couple weeks. It turns out that he was not using the
> > cell and one of the cleaning people stole his SIM.
> >
> > After contacting Asia Cell a few times about the matter, they credited
> > the whole amount back. So you never know.
> >
> > As for security, I assume you need to allow these extensions to
> > register from outside the LAN? If not, then only allow them to
> > register via a LAN IP, I would do it with iptables, only allow the
> > provider IP through.
> >
> > I am curious what your user:pass was? something like 1000:1000, I see
> > many systems setup like this and am surprised they haven't been hit
> > yet.
> >
> > In the future, you could use a scheme that makes it much more secure
> > and also pretty easy to maintain.
> >
> > The username could be the MAC and the pass could be the serial number
> > or asset tags if you use them.
> >
> > I know there must be dozens of people reading this that have had the
> > same issue but are embarrassed to speak up.
> >
>
> Thanks Steve - that is the kind of advice I was looking for. I'm
> willing to take my lumps for the weak passwords on those accounts, and
> the lack of any filtering. I do understand the issues and the steps I
> need to take to better secure the switches in service, and just need to
> get off my a$$ and do it.
>
> Mainly I am hoping to hear from someone who has gone through the
> aftermath - as you mention above. So far I have had a discussion with
> the carrier who is "opening an investigation". I'll contact the FBI
> today as well. I'll send an update when this is all over for posterity.
>
> > (BTW Sierra Leone is in West Africa, not the Middle East.)
> >
>
> True ;) Most of the calls were Iraq, UAE, Lebanon... Found another one
> today that was 2.5 DAYS long to Chile. Bizarre.
>
> j
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
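Added example, not part of the original thread or any poster's code: a small audit of a chan_sip-style `sip.conf` for the two weaknesses discussed above, secrets like 1000:1000 and peers with no IP restriction on registration. The sample configuration is constructed, and the 12-character minimum is an assumed threshold, not an Asterisk default.

```python
import re

# Constructed sip.conf-style sample (chan_sip syntax); not taken from the thread.
SAMPLE = """\
[general]
bindport=5060
[1000]
secret=1000        ; same as the extension
[1001]
secret=hunter2
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
[1002]
secret=Zq7-Lm2x-Rt9v-Kp4w
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
"""

def parse_peers(text):
    """Return {peer: {option: [values]}}; [general] is skipped."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        section = re.fullmatch(r"\[([^\]]+)\].*", line)
        if section:
            name = section.group(1)
            current = None if name == "general" else peers.setdefault(name, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)      # also accepts 'key => value'
            current.setdefault(key.strip().lower(), []).append(value.lstrip(">").strip())
    return peers

def audit(text, min_len=12):                     # min_len is an assumed policy value
    """Return {peer: [findings]} for weak secrets and missing IP ACLs."""
    report = {}
    for name, opts in parse_peers(text).items():
        secret = opts.get("secret", [""])[0]
        findings = []
        if not secret:
            findings.append("no secret")
        elif secret == name:
            findings.append("secret equals username")
        elif secret.isdigit() or len(secret) < min_len:
            findings.append("short or numeric-only secret")
        if not (opts.get("deny") and opts.get("permit")):
            findings.append("no deny/permit ACL")
        if findings:
            report[name] = findings
    return report
```

Calling `audit(open("/etc/asterisk/sip.conf").read())` on a real file (path assumed) returns only the peers that need attention.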
