CDR - Attempted Hack?


I was looking through my CDR Report today and I noticed 20 entries the same as the one below (spread over about 30 seconds). Should I be concerned by this?

2011-06-26 08:31:36 SIP/ 18000000611 “18000000611” <18000000611> s ANSWERED 13

Could you also help me understand why the dst is “s”? Is it because I have anonymous calls turned off?

Thanks for your help,

‘s’ stands for start.

Why would you have your phone system exposed to the Internet?

Thanks for your quick reply.

I’m a hobbyist. I live in NZ and I’m using FreePBX/Asterisk to stay in touch with friends and family in the UK. I use a hosted ( server running PBX In A Flash. The server has the default PIAF Firewall (IPTABLES) and Anonymous calls disabled.

I appreciate it’s not an ideal setup, and if I were a company using it as a corporate phone system I would hang my head in shame, but I’m just using it a) To learn about VoIP and b) To have the convenience of free international calls and multiple trunks (in different countries).

So, should I be concerned that an unsolicited IP can hit “s”, or is this expected behaviour when a connection attempt is blocked?


The problem is the risk involved. If your machine is compromised a very large phone bill can be run up.

If you have your IP voip provider account setup as prepaid and only keep a small balance the exposure is fixed and manageable. I have seen people have their VoIP accounts tied to a credit card with a massive limit and rack up huge bills.

I would also put an access list in the firewall covering the whole netblock of your relatives provider. That will limit access to only people on the same provider in the same region.

I am sure that it is fun running the system.