I have been hacked

Actually, I wasn’t hacked, but one of the boxes I am peered with was. I was peered with that box using an IAX trunk with from-internal context rather than DUNDi. I guess the hacker discovered that route and sent over 6000 calls totalling over 4000 minutes in 2 1/2 hours yesterday morning. I was notified when a really nice lady from the Texas Department of Transportation called me and asked why I was calling repeatedly. I was out of the office and had my wife kill the router until I could get back.

Fortunately, I only use prepaid VOIP long distance carriers and it appears to have only cost me about $10.00.

I am posting this for several reasons. First, to illustrate that it can happen. Second, to illustrate that giving from-internal privileges to very trusted friends can cause problems for you. Finally, if I had been peered with him using DUNDi, the hack would not have affected my server since the numbers being dialed were not numbers that I advertise routes for. Even if I had a DUNDi route for the numbers advertised, the hacker would have been limited to one call at a time rather than the 26 calls per minute rate they were using.

The moral is that we need to peer with DUNDi.

Update:

I spoke with my buddy whom I originally thought had been hacked. The calls did not come from his server, but the hacker used his credentials to get into mine. I went into /var/log/asterisk/full.1, which is yesterday’s Asterisk log, pulled a copy to my machine and found an IP address. I have notified the ISP but have had no official response. If I haven’t had a response by morning, I will file a report with my police department. While damages were limited, the impact of this is tremendous.
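The log review described in the update can be automated. The script below is an added example, not something from the original post: it counts accepted IAX2 calls per source IP per minute and flags bursts like the 26-calls-per-minute rate mentioned above. The log line shape, the threshold and the sample lines are assumptions; adjust the pattern to your logger.conf.

```python
import re
from collections import Counter

# Assumed line shape (timestamp layout depends on dateformat in logger.conf):
# [YYYY-MM-DD HH:MM:SS] VERBOSE[pid] file.c:  -- Accepting AUTHENTICATED call from <ip>:
ACCEPT_RE = re.compile(
    r"^\[(?P<minute>\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2}\]\s+VERBOSE\[\d+\].*?"
    r"Accepting AUTHENTICATED call from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def calls_per_minute(lines):
    """Count accepted calls keyed by (source IP, minute)."""
    counts = Counter()
    for line in lines:
        m = ACCEPT_RE.search(line)
        if m:
            counts[(m.group("ip"), m.group("minute"))] += 1
    return counts

def flag_bursts(lines, threshold=10):
    """Return {ip: (peak calls in any one minute, total calls)} for sources
    whose peak exceeds the threshold (the threshold is an assumed value)."""
    peak, total = Counter(), Counter()
    for (ip, _minute), n in calls_per_minute(lines).items():
        peak[ip] = max(peak[ip], n)
        total[ip] += n
    return {ip: (peak[ip], total[ip]) for ip in peak if peak[ip] > threshold}

def _sample_log():
    # Constructed sample lines using documentation-range addresses.
    tmpl = ("[2010-01-01 08:{m:02d}:{s:02d}] VERBOSE[4242] logger.c:"
            "     -- Accepting AUTHENTICATED call from {ip}:")
    lines = [tmpl.format(m=15, s=s, ip="203.0.113.50") for s in range(26)]
    lines.append(tmpl.format(m=15, s=30, ip="198.51.100.7"))  # normal peer
    lines.append(tmpl.format(m=16, s=2, ip="203.0.113.50"))
    lines.append("[2010-01-01 08:16:05] NOTICE[4242] chan_iax2.c: unrelated")
    return lines

SAMPLE = _sample_log()

if __name__ == "__main__":
    for ip, (peak, total) in sorted(flag_bursts(SAMPLE).items()):
        print(f"{ip}: peak {peak} calls/min, {total} calls total")
```

To run it against a real file, pass the open log to `flag_bursts`, for example `flag_bursts(open("/var/log/asterisk/full.1"))`.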