Was I hacked or was my router hacked?

abnothing

Joined
Oct 6, 2009
Messages
5
Likes
0
Points
0
#1
I have a 1.6 and I recently got a bill from my pri provider and there are calls on there that don't appear on CDR's the Pri Provider claims that my pbx was compromised. Shouldn't these calls appear in the logs if it came from my elastix box?

Please advise!!!
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#2
Unfortunately not so, if your box is compromised then there are any number of ways to make calls behind Elastix/FreePBX' back.

Ideally your firewall will only allow connection on udp 5060 (SIP) from your inbound carriers' servers and any remote boxes you allow to register. (tcp 5038 (AMI) should be denied on the firewall also unless you have a good reason to open it.)

Investigate installing Fail2ban and or CSF for dynamic management of iptables and browse the security forum here and elsewhere (PIAF, to name a few).

Mostly keep an eye on /var/log/asterisk/full and /var/log/secure. and always be able to identify all registered endpoints in

rasterisk -x 'sip show peers'|grep -v Unspecified, (this will also help you identify the IP' that you should allow access to 5060)
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,902
Messages
130,886
Members
17,563
Latest member
dineshr
Top