Richard Chase was a serial killer in the 1970s, and he had some odd perspectives, even for a sociopath. His idea was that if a door was locked then he was not welcome. If he tried the door and it was unlocked, then it was an invitation. Imagine how many lives were saved because someone remembered to lock their doors.

I have never had the misfortune of seeing a $10,000 phone bill. I have read about many cases over the years where Jerry's Tax Service and Ethiopian Pizzeria was nailed with a huge phone bill from calls to some country they can't find on a map. So I sat down and started to map out how to automagically stop this sort of thing, and wondered why this hadn't already been done.

The first step was to understand the process of compromise. It turns out the process is basically jiggling door knobs. If the door is locked, I move on. If the door is unlocked, they must want me there. So to stop these events I could write a script that users could set up, make some assumptions, and probably have a 105% success rate including false positives. So I should get on that, right? NO! What I found is that the user effort to set up such a script and run it is about equal to the user simply changing the locks. The locks people use are equal to the latch that keeps the door shut, so when I jiggle the door it opens right up. We need people to lock the deadbolt.
Leaving the door unlocked and setting the alarm in hopes someone dials 911 is a poor strategy. If someone does call 911, what's the response time? How much can be done in that time? Perhaps someone hides in the crawl space, so when the ruckus clears they are back in without any alarms.
So here is what you need to do.
Use some common sense.
Set proper passwords on SIP accounts and voicemail boxes.
Be different: use a 5 or 6 digit PIN.
Use complex passwords for your endpoints. Use a password generator. Set up your outbound routes properly. Don't leave unrestricted routes. Put limits in place. The more locks you use, the less likely shaking the door will cause it to open. Smokey the Bear says 'only you can prevent forest fires'; Tango the Frog says 'only you can secure your PBX'.
Typed out on a mobile device; please forgive spurious errors and autocorrect.
Update: I found the following list on the intertubes. You should probably create a blocking route for the following area codes.
264 Anguilla (split from 809)
268 Antigua and Barbuda
284 British Virgin Islands
340 US Virgin Islands: St Thomas, St John
345 Cayman Islands
649 Turks and Caicos Islands
670 Northern Mariana Islands
758 St. Lucia
784 St. Vincent and Grenada
787 Puerto Rico
809 Caribbean, Bermuda, Puerto Rico, Virgin Islands
868 Trinidad and Tobago
869 St. Kitts/Nevis
900 Pay-Per-Call Numbers
939 Puerto Rico
976 Pay-Per-Call Numbers
Unless, of course, you need to call one of these.
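The "blocking route" idea above, as an added example that is not from the original post: a deny-by-default outbound policy check that normalizes a dialed string, refuses the listed area codes, and refuses anything it cannot parse. It assumes North American dialing (1+10 digits, 011 for international) and, going one step beyond the post's list, also treats the 976 exchange within any area code as premium-rate.

```python
import re

# Area codes from the post's list above (NANP NPAs that show up on fraud bills).
BLOCKED_AREA_CODES = {
    "264", "268", "284", "340", "345", "649", "670", "758",
    "784", "787", "809", "868", "869", "900", "939", "976",
}
# Assumption beyond the post: NPA-976-XXXX is a premium-rate exchange too.
BLOCKED_EXCHANGES = {"976"}


def normalize_nanp(dialed: str):
    """Return the 10-digit NANP national number, or None if not NANP."""
    digits = re.sub(r"\D", "", dialed)
    if digits.startswith("011"):            # international dial prefix
        rest = digits[3:]
        if len(rest) == 11 and rest.startswith("1"):
            return rest[1:]                 # 011 1 NPA ... is still NANP
        return None
    if len(digits) == 11 and digits.startswith("1"):
        return digits[1:]
    if len(digits) == 10:
        return digits
    return None                             # 7-digit local etc.: fail closed


def outbound_decision(dialed: str, allow_international: bool = False) -> str:
    """Decide whether the PBX should place the call; deny unless clearly fine."""
    digits = re.sub(r"\D", "", dialed)
    national = normalize_nanp(dialed)
    if national is None:
        if digits.startswith("011"):
            return "allow" if allow_international else "block-international"
        return "block-unparsed"
    if national[:3] in BLOCKED_AREA_CODES:
        return "block-area-code"
    if national[3:6] in BLOCKED_EXCHANGES:
        return "block-premium-exchange"
    return "allow"


if __name__ == "__main__":
    # Constructed dial strings, not real call records.
    for number in ["(212) 555-0100", "1-809-555-0100",
                   "011 44 20 7946 0000", "212-976-0100", "555-0100"]:
        print(f"{number:>22} -> {outbound_decision(number)}")
```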