Our phone provider has called and said that they have seen fraud calls going out to other countries. I have tried to compare their logs with the logs in the freepbx and I am not seeing the same calls going out. I am not sure if I am looking in the wrong place or not. Also any ideas on what to do to lock the firewall down more to prevent this. This is second time this has happened. They have outgoing calls blocked until I get it fixed.
If you’re ITSP uses credentials, then it’s possible your trunking credentials have been leaked and calls are being placed from somewhere other than your PBX. Is the provider able to determine that the calls are coming from your IP?
I will ask. We are not using VOIP, we have analog lines. So if there are credentials I am unaware of them.
The authentication suggestion was made on the basis that people who do not say are usually using SIP, when they post to this forum.
What hardware are you using to interface the analogue lines to Asterisk?
If you are using a SIP gateway device, rather than a PCI(e) card, the calls may be being injected directly into the gateway.
You should block the port you use for internal VoIP, at the firewall, unless you need to have internal users call from outside.
Picking a high numbered port, rather than 5060 will reduce attempts, as will moving to TCP signalling.
If using an analogue gateway, that should be configured to authenticate with Asterisk, and preferably configured with fixed address in Asterisk.
We have a PCI(e) card that our lines are plugged into. We use a PBXact 100 and have 2 PCI(e) cards installed.