I’m not certain yet. But I’m getting suspicious of a compromise. Yesterday morning our phone system rebooted itself out of the blue. It had never done that before. When it came back up, the reboot reeked all sorts of havoc on the queues and which menebers it thought were actually online.
Now this morning. Local outbound calls work but long distance calls don’t and inbound calls only work from outside the company. We think that this is our PRI provider and not a system problem but I’m suspicious.
Is there a write up anywhere of all of the places I should be looking in the systems for sign of a compromise? What things I might find if I have been compromised?