85 kbps upload to Bandwidth.com

I just had a call from a customer that had choppy audio and I found an 85 kbps stream uploading to bandwidth.com. This is an older system running Asterisk 1.4 and FreePBX 2.5 or 2.6. We don’t have anything set up with Bandwidth.com. Can someone explain what could cause this? The stream went away when I block outbound traffic to 67.231.8.111 at the firewall.

Tony, Philippe???
This system has been in place for years. Can you shed any light on why it would do this all of a sudden?

John,

I know Tony is crazed right now with the acquisition and all the new staff. You may want to reach out to him another way.

I have never seen this happen. Could it just be a stuck channel? Does it stop if you stop just Asterisk?

Sounds like a compromised box. Nothing ever in FreePBX reached out to anything with bandwidth.com.

You might want to contact Bandwidth if you don’t use them for anything, as they should also be able to find out what system on their end you're communicating with. With that info it should be simple to determine if it’s a compromise or something else. Granted, I tend to agree with Tony: assume you have a break-in till you prove otherwise.

We actually use Bandwidth for some SIP services, and nothing here talks to the IP you listed…

Just a quick suggestion: email [email protected], derived from:

whois 67.231.8.111
[Querying whois.arin.net]
[whois.arin.net]

Query terms are ambiguous. The query is assumed to be:

“n 67.231.8.111”

Use “?” to get help.

The following results may also be obtained via:

http://whois.arin.net/rest/nets;q=67.231.8.111?showDetails=true&showARIN=false&ext=netref2

NetRange: 67.231.0.0 - 67.231.15.255
CIDR: 67.231.0.0/20
OriginAS: AS12130
NetName: BWCOM-CUST-BLK-01
NetHandle: NET-67-231-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
RegDate: 2007-12-21
Updated: 2012-03-20
Ref: http://whois.arin.net/rest/net/NET-67-231-0-0-1

OrgName: Bandwidth.com Inc.
OrgId: BNO
Address: 4001 Weston Parkway
City: Cary
StateProv: NC
PostalCode: 27513
Country: US
RegDate: 2003-11-17
Updated: 2009-04-08
Ref: http://whois.arin.net/rest/org/BNO

OrgTechHandle: BCNO1-ARIN
OrgTechName: Customer Care Department
OrgTechPhone: +1-800-409-4357
OrgTechEmail: [email protected]
OrgTechRef: http://whois.arin.net/rest/poc/BCNO1-ARIN

OrgAbuseHandle: BCNO1-ARIN
OrgAbuseName: Customer Care Department
OrgAbusePhone: +1-800-409-4357
OrgAbuseEmail: [email protected]
OrgAbuseRef: http://whois.arin.net/rest/poc/BCNO1-ARIN

OrgNOCHandle: BNO13-ARIN
OrgNOCName: Bandwidth Network Operations
OrgNOCPhone: +1-800-409-4357
OrgNOCEmail: [email protected]
OrgNOCRef: http://whois.arin.net/rest/poc/BNO13-ARIN

RTechHandle: ENGIN75-ARIN
RTechName: Engineering
RTechPhone: +1-919-439-3575
RTechEmail: [email protected]
RTechRef: http://whois.arin.net/rest/poc/ENGIN75-ARIN

RNOCHandle: ENGIN75-ARIN
RNOCName: Engineering
RNOCPhone: +1-919-439-3575
RNOCEmail: [email protected]
RNOCRef: http://whois.arin.net/rest/poc/ENGIN75-ARIN

RAbuseHandle: ENGIN75-ARIN
RAbuseName: Engineering
RAbusePhone: +1-919-439-3575
RAbuseEmail: [email protected]
RAbuseRef: http://whois.arin.net/rest/poc/ENGIN75-ARIN

ARIN WHOIS data and services are subject to the Terms of Use

available at: https://www.arin.net/whois_tou.html
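
The lookup in the last post, as an added example that is not part of the thread: a Python parser for ARIN-style whois text that reports the registered owner and abuse contact for a destination IP and confirms the IP sits inside the returned CIDR. The function names are hypothetical, and the sample is a constructed subset of the output quoted above.

```python
import ipaddress
import re

# Constructed sample: a subset of the ARIN output quoted in the post above.
SAMPLE_WHOIS = """\
[Querying whois.arin.net]
NetRange: 67.231.0.0 - 67.231.15.255
CIDR: 67.231.0.0/20
NetName: BWCOM-CUST-BLK-01
RegDate: 2007-12-21

OrgName: Bandwidth.com Inc.
RegDate: 2003-11-17

OrgAbuseHandle: BCNO1-ARIN
OrgAbusePhone: +1-800-409-4357

available at: https://www.arin.net/whois_tou.html
"""

# A field is "Key: value" with a single-word key; this skips banners,
# URLs ("http://...") and free text such as "available at: ...".
FIELD = re.compile(r"^([A-Za-z]+):\s+(\S.*)$")

def parse_whois(text):
    """Split the output into blank-line-delimited blocks of key/value pairs."""
    blocks, current = [], {}
    for line in text.splitlines():
        match = FIELD.match(line.strip())
        if match:
            current.setdefault(match.group(1), match.group(2).strip())
        elif not line.strip() and current:
            blocks.append(current)
            current = {}
    if current:
        blocks.append(current)
    return blocks

def owner_report(ip, text):
    """Summarise who owns the range and whether ip really falls inside it."""
    blocks = parse_whois(text)
    find = lambda key: next((b[key] for b in blocks if key in b), None)
    cidrs = [c.strip() for c in (find("CIDR") or "").split(",") if c.strip()]
    addr = ipaddress.ip_address(ip)
    return {
        "org": find("OrgName"),
        "netname": find("NetName"),
        "abuse_handle": find("OrgAbuseHandle"),
        "abuse_phone": find("OrgAbusePhone"),
        "in_range": any(addr in ipaddress.ip_network(c) for c in cidrs),
    }
```

Keeping the blocks separate matters because the same key (here `RegDate`) appears in both the network and the organisation records with different values.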