Was I hacked or was my router hacked?

Discussion in 'General' started by abnothing, Oct 14, 2010.

  1. abnothing

    I have a 1.6 and I recently got a bill from my PRI provider, and there are calls on there that don't appear in the CDRs. The PRI provider claims that my PBX was compromised. Shouldn't these calls appear in the logs if they came from my Elastix box?

    Please advise!!!
     
  2. dicko

    Unfortunately not so. If your box is compromised, then there are any number of ways to make calls behind Elastix/FreePBX's back.

    Ideally your firewall will only allow connection on udp 5060 (SIP) from your inbound carriers' servers and any remote boxes you allow to register. (tcp 5038 (AMI) should be denied on the firewall also unless you have a good reason to open it.)

    Investigate installing Fail2ban and/or CSF for dynamic management of iptables, and browse the security forum here and elsewhere (PIAF, to name a few).

    Mostly keep an eye on /var/log/asterisk/full and /var/log/secure, and always be able to identify all registered endpoints in

    rasterisk -x 'sip show peers'|grep -v Unspecified

    (this will also help you identify the IPs that you should allow access to 5060)
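
The firewall advice in the reply above, as an added example that is not part of either post: a shell sketch that turns 'sip show peers' output into iptables rules for review, allowing udp 5060 only from current peer addresses and denying tcp 5038. The function names, the sample peer table, its documentation-range IPs, and the use of the INPUT chain are assumptions.

```shell
#!/bin/sh
# Added example: build a reviewable SIP allowlist from 'sip show peers'.
# Rules are printed only, never applied. Function names are hypothetical.

# Constructed sample of `rasterisk -x 'sip show peers'` output.
# Addresses are from documentation ranges, not from the thread.
sample_peers() {
cat <<'EOF'
Name/username              Host            Dyn Nat ACL Port     Status
101/101                    192.0.2.10       D   N      5060     OK (12 ms)
102/102                    (Unspecified)    D   N      0        UNKNOWN
103/103                    192.0.2.10       D   N      5062     OK (15 ms)
carrier-trunk              198.51.100.5                5060     OK (30 ms)
4 sip peers [Monitored: 3 online, 1 offline Unmonitored: 0 online, 0 offline]
EOF
}

# Read peer table on stdin, print unique IPv4 addresses of peers that
# currently have a host. The header, the summary line and (Unspecified)
# rows fail the dotted-quad match and are dropped.
registered_ips() {
    awk '$2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2 }' | sort -u
}

# Read peer table on stdin, print rules: accept SIP from known peers,
# drop all other SIP, drop AMI. Assumes rules are appended to INPUT.
allowlist_rules() {
    registered_ips | while read -r ip; do
        echo "iptables -A INPUT -p udp -s $ip --dport 5060 -j ACCEPT"
    done
    echo "iptables -A INPUT -p udp --dport 5060 -j DROP"
    echo "iptables -A INPUT -p tcp --dport 5038 -j DROP"
}

# On a live box: rasterisk -x 'sip show peers' | allowlist_rules
sample_peers | allowlist_rules
```

The output reflects only the peers that had an address when the table was captured, so compare it against the carrier and remote endpoints you expect before applying anything.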
     
