I have a number of failed calls from "unknown" to a number that appears to be in the uk. 442032987203 is the only common part, they keep trying different prefixes/access codes. All failed, thankfully, but I'm not even sure where I can find this in the logs - the only evidence I have that this even occurred is in the call detail records in the web interface.
We're using the random passwords the system generates, so I feel it's probably unlikely that someone magically brute-forced one of the passwords to one of our extensions. I tried grep'ing the /var/log/sipxecs folder but didn't find any instances of this number - is there a log file that these calls should be in? If someone did register I want to find that record, re-do that extension's password and install fail2ban to prevent future (non)incidents, but I can't seem to find it anywhere outside of the web interface... [cid:[email protected]] MobileAccord.com<http://mobileaccord.com> For more information text MA to 50555. __________________________________________________________________ Chris Wiegand | Network Administrator | Mobile Accord 2150 West 29th Avenue | Second Floor | Denver, Colorado 80211 USA t +1.303.531.5505 | m +1.720.244.1409 | f +1.303.531.5509 [cid:[email protected]]<http://www.linkedin.com/company/mobile-accord-inc.> [cid:[email protected]] <http://www.twitter.com/mobileaccordinc>
<<inline: image001.png>>
<<inline: image002.png>>
<<inline: image003.png>>
<<inline: image004.png>>
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
