Someone attacked my system. My system is setup with a trunk that diverts calls to my mobile and my mobile has voicemail activated. How the attack happened: I received a call and on answering the diverted call I heard a automated response. Hung up the phone and I instantly had about 16 missed call notifications / voicemail messages. A few more seconds after hanging up and the same again. At this point I blocked the number, but the records show another 26 attempted calls were made but blocked. In all I had about 70 incoming calls in a space of two minutes from this number 443333440000.
Don’t know who, or sure why they did this - the only beneficiary seems to be the service provider. Any info about this and how best stop it would be welcome???
I think there is some chan_sip bug that lets people somehow make asterisk make a call out on an unregistered extension. i’ve noticed one of our servers doing that. Changing to PJSIP fixes it.
Thought I read somewhere that they aren’t patching chan_sip anymore and focusing entirely on PJSIP
There’s a ‘Disallow transfer features for inbound callers’ which is set to YES
Disallow transfer features (Normally ## and *2) for callers who passthrough inbound routes (Such as external callers)
That seems to be the default, with thats set to yes is it still necessary to remove the Tt ??
Still getting these calls from 443333 440000 they coming from a company by the name of aql.com. Another 60 calls in less than a minute.
But I’ve found out something about my system. I put the 443333 440000 in my blacklist on freepbx and even though the system hangs up on the calls my DiD provider still charges me for the calls. So I made a call from another phone to the same number that aql are calling on my system but sent the incoming call to another phone on my system that just rings and still my DiD provider charges for the call. So I’m charged just because someone rings that number even if unanswered.
But here’s the bit I don’t understand. Again I made a call from another phone to the same number that aql are calling on my system but with a difference, i sent the incoming call to my mobile without answering it. This time my DiD provider did NOT charge for the call unanswered call.
So any call passing through my system (forwarded) to my mobile is not charged by the DiD provider if unanswered!!
And any call that terminates in any way on my system, I’m charged by the DiD provider!!
My question is How does my DiD provider know that the call is not being passed out of my system to my mobile? Whats the difference between an unanswered call on my system and an unanswered call on my mobile?
How do you know it’s coming from AQL and have you tried to contacting them?
A few years ago we had an issue with someone trying to abuse our system, we found out where is was coming from, contact the ISP and they shut them down.
They will ask for details, generally logs are sufficient, they don’t want to shut down their customers with out really good proof.
To you question, if I recall, blocking a number is the same as answering the call and hanging up immediately after it’s answered.
I would grep out 4443333 from the full log and see the ip(s) where the invites are coming from, then permenantly drop such connections in your router/firewall , whatever you use.