Hacking so simple?

Hi Freepbx,

Some of our PBX’s are hacked, or not???
When I do wireshark, I see the next invite -> SIP/SDP Request: INVITE sip:[email protected], with session description

825240219700 is the number that is being dialed. is the hackers IP address

Without a registered sip phone he is trying to dial out.

How is this possible??
Is have set “allow sip guest” to no

I am clewless now.
Hope someone can explain this to me.

That does not tell me your system is being hack. Based on what you pasted that shows a inbound call is trying to be sent to your PBX

Hi Tony, Thanx for your answer.
When this invite passes, a call outbound was created to number 825240219700.

There is no other (hackers) device logged in on a extension and still there are outgoing calls. (much of them fail building up a rtp stream)

Veryvery strange