rolfbeethoven
I have a dedicated PIAF server at home with an spa3102 for the PSTN tie-in and two VOIP trunks. It's my fault, but I didn't realize that keeping the extension and the secret the same number isn't a good idea.
Last week we started getting calls from Michigan with people telling us that they missed our call but saw our number on their caller ID. I checked the caller logs and noticed that someone had made over 2,000 phone calls from noon to five in the evening. Ouch. I called a few of the numbers with longer connection times and learned that these people had received a telemarketing phone call at this time.
I searched the forum and found several threads regarding the extension/secret issue. I have since changed all the extension passwords/secrets and I checked that fail2ban was installed. I checked the logs and found that on the day before an IP from Poland had made multiple attempts to authenticate as extensions 100-300.
The good news is that the total monetary cost for me was a little over a dollar since I have an alldistance service on the PSTN line, over which most of the calls were made. Most of the calls were unanswered, but I could have really run up a bill had the person been calling some expensive foreign location. I also reported the incident to the police to document what happened.
I'm left with a few questions...
1) How can I verify that fail2ban is working? I followed an install guide, but I didn't see how to check it. I'm not sure how to attempt a break-in to my own system from a friend's system to see if they get locked out. My PIAF server shows that fail2ban is online and I'm using version 0.6.1.
2) What do I need to check to ensure that my system isn't still compromised? Is the hacker limited to making phone calls by spoofing one of my extensions or could there be bigger problems on my system?
3) Is it safe to force a PIN for any non-local calls? Can that be spoofed as well?
I'm using PIAF 1.3 running Asterisk 1.4.21.2.
Thanks.
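The log review described in the post (one source trying a range of extensions) can be automated. The following is an added example, not part of the original post: it scans Asterisk log text for sources whose registrations failed against several distinct extensions and reports any extension that the same source then registered successfully. The log lines are constructed samples, and the message formats (chan_sip `Registration from ... failed for` notices and `Registered SIP` verbose lines) and the threshold of three extensions are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the poster's system), modelled on the
# chan_sip messages Asterisk 1.4 writes to /var/log/asterisk/full.
# Addresses come from documentation ranges.
SAMPLE_LOG = """\
[2008-06-12 03:14:01] NOTICE[2847] chan_sip.c: Registration from '"100" <sip:100@198.51.100.10>' failed for '203.0.113.45' - Wrong password
[2008-06-12 03:14:02] NOTICE[2847] chan_sip.c: Registration from '"101" <sip:101@198.51.100.10>' failed for '203.0.113.45' - No matching peer found
[2008-06-12 03:14:03] NOTICE[2847] chan_sip.c: Registration from '"102" <sip:102@198.51.100.10>' failed for '203.0.113.45' - Wrong password
[2008-06-12 03:14:04] VERBOSE[2847] logger.c:     -- Registered SIP '103' at 203.0.113.45 port 5060 expires 3600
[2008-06-12 09:30:00] NOTICE[2847] chan_sip.c: Registration from '"201" <sip:201@198.51.100.10>' failed for '192.0.2.7' - Wrong password
[2008-06-12 09:30:20] VERBOSE[2847] logger.c:     -- Registered SIP '201' at 192.0.2.7 port 5060 expires 3600
"""

FAILED = re.compile(r"Registration from '.*?<sip:(?P<ext>[^@>]+)@[^>]*>' "
                    r"failed for '(?P<ip>[\d.]+)(?::\d+)?' - ")
REGISTERED = re.compile(r"Registered SIP '(?P<ext>[^']+)' at (?P<ip>[\d.]+) port \d+")

def analyze(log_text, min_extensions=3):
    """Return (scanners, compromised).

    scanners:    {ip: sorted extensions} for sources whose registrations failed
                 against at least min_extensions distinct extensions.
    compromised: sorted (ip, extension) pairs where such a source also
                 registered successfully, i.e. a secret it guessed.
    """
    failed, registered = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failed[m["ip"]].add(m["ext"])
            continue
        m = REGISTERED.search(line)
        if m:
            registered[m["ip"]].add(m["ext"])
    scanners = {ip: sorted(e) for ip, e in failed.items() if len(e) >= min_extensions}
    compromised = sorted((ip, ext) for ip in scanners for ext in registered[ip])
    return scanners, compromised

if __name__ == "__main__":
    scanners, compromised = analyze(SAMPLE_LOG)
    for ip, exts in scanners.items():
        print(f"{ip} tried {len(exts)} extensions: {', '.join(exts)}")
    for ip, ext in compromised:
        print(f"extension {ext} registered from scanning source {ip}")
```

Successful registrations only appear in the log when verbose messages are written to it, so an empty second list does not by itself rule out a guessed secret.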