It¹s the old story locks are only for honest people. Spammers/Scammers almost always find a way to get their stuff through but legitimate emails get blocked.
Which is not to say one shouldn¹t lock things down as tightly as possible, and adjust security regularly or as required. Had one customer the hackings had been probing for 5 years, on /off /burst, Until they finally found a small crack then the flood of spam and different site VOIP calls. Check your logs regularly. Cheers, Chris Hurley From: AusNOG <[email protected]> on behalf of Andrew Yager <[email protected]> Date: Saturday, 28 October 2017 at 2:54 pm To: Mark Stewart <[email protected]>, Matt Perkins <[email protected]>, jay binks <[email protected]>, "[email protected]" <[email protected]> Subject: Re: [AusNOG] High number of inbound automated Chinese language calls on AAPT CTS They are spoofing source CLI so masking/monitoring CLI is useless. We have had downstream customers whose business has been significantly impacted by having their CLI used recently as an advertised number in scams similar to this at least twice this year. Someone has loose ACLs on their inbound and doesn¹t check their customers properly... :( And yes, it definitely isn¹t limited to AAPT. Just had one today to my DID on a Symbio inbound number. Andrew Get Outlook for iOS <https://aka.ms/o0ukef> From: AusNOG <[email protected]> on behalf of Mark Stewart <[email protected]> Sent: Friday, October 27, 2017 5:12:18 PM To: Matt Perkins; jay binks; [email protected] Subject: Re: [AusNOG] High number of inbound automated Chinese language calls on AAPT CTS Had a conversation with my Telstra guys this week in relation to phone system hacking where phone systems were being breached and then systematically being used to autodial numbers. The breaches can be occurred via Voicemail port hack is where their default pin number for their voicemail is the same has their 100 dial in number. SIP / VoIP credentials can be hacked / obtained and then assume that SIP network. Alternatively, their entire network has been hacked and the hacker is sniffing for IP Phone system and then interface into it to make calls. From: AusNOG [mailto:[email protected]] On Behalf Of Matt Perkins Sent: Friday, 27 October 2017 12:33 PM To: jay binks <[email protected]>; [email protected] Subject: Re: [AusNOG] High number of inbound automated Chinese language calls on AAPT CTS Hi Jay, Unwelcome Communications procedure only work when you have the source numbers. It's hard to give the CTS provider ~10,000 source numbers ;) They are trying however to chase it up. No it's not coming from a sip gateway. This equipment is not on the internet. Matt. On 27/10/17 3:22 pm, jay binks wrote: > > There are methods for dealing with unwelcome or nuisance calls. > > It's not always effective, but its worth a try. > > > > If your calls fit the definition of an "UNWELCOME COMMUNICATIONS" you may be > able to utilise http://www.commsalliance.com.au/Documents/all/codes/c525. > > > > The OP may have a claim to this with 3000 calls within 4 hours. > > Contact your CSP. "C/CSPs must assist end users in receipt of unwelcome > messages where it is reasonably possible to do so " > > > > They may only pass the complaint on to the originating carrier, but you might > get lucky. > > > > The other thing I initially thought of when I saw this ( but it seems like its > probably not the case after reading other peoples accounts ). > > Make sure your SIP equipment only accepts SIP from your SIP provider. > Sometimes you find people scanning your network, doing this sort of thing. > > > > Good luck ! > > > > Jay > > > > On 27 October 2017 at 14:12, Matt Perkins <[email protected]> wrote: >> >> The volumes we are getting are stunning if it's not targeted at AAPT. as it >> appears it's not from some of the on/off list responses. We have had over >> 3000 calls in the last 4 hours. This has been going on for almost 4 days. >> >> >> Matt. >> >> >> >> >> On 27/10/17 2:51 pm, [email protected] wrote: >> >>> We are getting runs of these to a Sydney and a Melbourne site. We are >>> Telstra inbound. >>> >>> >>> On Fri, Oct 27, 2017 at 1:55 PM +1100, "Andrew Yager" <[email protected]> >>> wrote: >>>> >>>> Hi Matt, >>>> >>>> >>>> >>>> We have seen multiple instances of this over the last couple of months to >>>> different number blocks. >>>> >>>> >>>> >>>> It's usually a Mandarin message claiming to be from the ATO. >>>> >>>> >>>> >>>> Have logged a few complaints on a few of them; have not got anywhere useful >>>> because each number is called "once" and doesn't meet the threshold for a >>>> nuisance claim. >>>> >>>> >>>> >>>> If any of my upstreams want to care though I'm happy to provide more >>>> details :) (nudge nudge) >>>> >>>> >>>> >>>> Andrew >>>> >>>> >>>> >>>> >>>> >>>> On 27 October 2017 at 13:34, Matt Perkins <[email protected]> wrote: >>>>> Here's some Friday fun. >>>>> >>>>> Are there any people with AAPT CTS that are receiving very high volumes >>>>> (500 an hour) of a Chinese language automated message. Numbers dialed in >>>>> appear to be random within a routed ranges they also appear to be using >>>>> random calling id's some start with 028009XX. Im told that the message >>>>> says it's from the Chinese consulate and ask you to push zero. I suspect >>>>> they are trying to determine which numbers have Chinese language speakers >>>>> answer for some later scam. But only appears to be on AAPT CTS. We have >>>>> CTS with a few other carriers and seeing nothing on those inbound. >>>>> >>>>> Interested to see if others are receiving same. >>>>> >>>>> Matt. >>>>> >>>>> >>>>> >>>>> -- >>>>> /* Matt Perkins >>>>> Direct 1300 137 379 <tel:1300%20137%20379> Spectrum >>>>> Networks Ptd. Ltd. >>>>> Office 1300 133 299 <tel:1300%20133%20299> >>>>> [email protected] >>>>> Level 6, 350 George Street Sydney 2000 >>>>> Spectrum Networks is a member of the Communications Alliance & TIO >>>>> */ >>>>> >>>>> _______________________________________________ >>>>> AusNOG mailing list >>>>> [email protected] >>>>> http://lists.ausnog.net/mailman/listinfo/ausnog >>>> >>>> >>>> >>>> -- >>>> >>>> Andrew Yager, CEO (BCompSc, JNCIS-SP, MACS (Snr) CP) >>>> >>>> Real World Technology Solutions - IT People you can trust >>>> >>>> Voice | Data | IT Procurement | Managed IT >>>> >>>> rwts.com.au <http://rwts.com.au> | 1300 798 718 <tel:1300%20798%20718> >>>> >>>> >>>> >>>> Real World is a DellEMC Gold Partner >>>> >>>> >>>> >>>> This document should be read only by those persons to whom it is addressed >>>> and its content is not intended for use by any other persons. If you have >>>> received this message in error, please notify us immediately. Please also >>>> destroy and delete the message from your computer. Any unauthorised form of >>>> reproduction of this message is strictly prohibited. We are not liable for >>>> the proper and complete transmission of the information contained in this >>>> communication, nor for any delay in its receipt. Please consider the >>>> environment before printing this e-mail. >> >> -- >> /* Matt Perkins >> Direct 1300 137 379 <tel:1300%20137%20379> Spectrum Networks >> Ptd. Ltd. >> Office 1300 133 299 <tel:1300%20133%20299> >> [email protected] >> Level 6, 350 George Street Sydney 2000 >> Spectrum Networks is a member of the Communications Alliance & TIO >> */ >> >> _______________________________________________ >> AusNOG mailing list >> [email protected] >> http://lists.ausnog.net/mailman/listinfo/ausnog > > > > -- > > Sincerely > > Jay -- /* Matt Perkins Direct 1300 137 379 Spectrum Networks Ptd. Ltd. Office 1300 133 299 [email protected] Level 6, 350 George Street Sydney 2000 Spectrum Networks is a member of the Communications Alliance & TIO */ _______________________________________________ AusNOG mailing list [email protected] http://lists.ausnog.net/mailman/listinfo/ausnog
_______________________________________________ AusNOG mailing list [email protected] http://lists.ausnog.net/mailman/listinfo/ausnog
