System is a version 14 Asterisk version 13. It has several hundred phones on it. The system is a server grade system and has been installed for several years.
We have an extension that will go off hook and dial a specific extension within the system, be answered by the distant voicemail (since it doesn’t get answered) and hangs up. The user most times is across the room from the phone and hears it go off hook and the whole call over speakerphone. The call does show up in the CDR report. Sometimes the phantom calls are after hours as well. There doesn’t appear to be any nefarious calls outside the system.
The traffic on the system is so much that we haven’t been able to catch it in a tcpdump yet.
Things we have done:
Defaulted the phone
Replaced the phone with one of the same make / model
Deleted the extension in the system and changed the secret.
Stopped FOP2
Made sure that the phone didn’t have a stuck button (BLF) for the distant extension.
Phone is stand alone, i.e. no BLF/DSS sidecar
Is it possible to send a command to a phone and have it dial all by itself?
The following settings are at default:
Accept SIP Trust Server Only is set to false
Enable Peer to Peer is set to allow
My thinking is to try a different phone manufacturer in case there is an exploit that is being taken advantage of. The phones are no longer under warranty and/or the company will not provide updated firmware.
As soon as I can get to that phone I will make those changes. I do not know if they are using the page function on the phone, but that is possible since it is in a school. I’ll check that out. Also, I think I can get a full CDR export of one of those calls.
I have it working so that it gets ALL SIP sessions. In the instructions there is a -n switch to only capture specific extensions. I tried using -n 101 to capture a call for extension 101. It didn’t weed out those calls. What is the syntax for that? Or does it work? Second question: how can I start that and close the ssh session?
Thanks a lot!
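One way to narrow a busy SIP capture to a single extension after the fact, independent of the capture tool (an added example, not part of the original post). It assumes the capture has already been reduced to (source IP, raw SIP text) pairs; the addresses, the dialed extension 250, `pbx.example` and the user-agent strings are constructed sample values. Each INVITE claiming to be from the extension is flagged by whether it came from the phone's own address.

```python
import re

URI_USER = re.compile(r"sips?:([^@;>\s]+)@")        # user part of a SIP URI
COMPACT = {"f": "from", "t": "to", "i": "call-id"}  # RFC 3261 compact header names

def parse_sip(raw):
    """Return (method, headers) for one SIP message; responses give method None."""
    lines = raw.strip().splitlines()
    if not lines:
        return None, {}                             # empty payload in the capture
    start = lines[0].split()
    method = None if start[0].startswith("SIP/") else start[0]
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break                                   # blank line ends the headers
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers.setdefault(COMPACT.get(name, name), value.strip())
    return method, headers

def uri_user(value):
    m = URI_USER.search(value or "")
    return m.group(1) if m else None

def invites_for(packets, ext, phone_ip):
    """List INVITEs whose From user is `ext`, noting whether the phone sent them."""
    hits = []
    for src_ip, raw in packets:
        method, h = parse_sip(raw)
        if method != "INVITE" or uri_user(h.get("from")) != ext:
            continue
        hits.append({"src": src_ip, "dialed": uri_user(h.get("to")),
                     "call_id": h.get("call-id"), "user_agent": h.get("user-agent"),
                     "from_phone": src_ip == phone_ip})
    return hits

def msg(method, frm, to, call_id, ua="ExamplePhone/1.0"):
    """Build a constructed sample message (not real traffic)."""
    return (f"{method} sip:{to}@pbx.example SIP/2.0\r\n"
            f"From: <sip:{frm}@pbx.example>;tag=a1\r\nTo: <sip:{to}@pbx.example>\r\n"
            f"Call-ID: {call_id}\r\nUser-Agent: {ua}\r\n\r\n")

SAMPLE = [  # constructed: 192.0.2.50 stands in for the phone's address
    ("192.0.2.50", msg("INVITE", "101", "250", "c1")),
    ("192.0.2.60", msg("INVITE", "102", "250", "c2")),
    ("192.0.2.50", msg("REGISTER", "101", "101", "c3")),
    ("192.0.2.77", msg("INVITE", "101", "250", "c4", ua="other-agent")),
]
```

An INVITE with `from_phone` false means the call was set up as that extension from some other address, which points the investigation away from the handset itself.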