I periodically will get an extension hacked and the fraudsters will try and make outbound calls to certain numbers which allow them to collect money from the connection time. I have created a trunk called “Blocked” and I create an outbound route with dial matching definitions that when there is a match, the call can’t complete because the “Blocked” trunk isn’t connected to anything…so the call fails. I also use the notification section to email and text me when an attempt is made. This is only one of the security things I employ, but it helps a lot from time to time. This week a new number, 16057251933, came up and I added the 605 Area Code to the list.
I’m adding the import file in case some of you may want to use it.
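The dial-pattern matching behind the “Blocked” route described in the first post, as an added example (it is not the poster's import file or FreePBX's own code). It assumes Asterisk-style pattern wildcards (X, Z, N, [set], ., !); every pattern other than the 605 area code, and all call attempts, are constructed.

```python
import re

# Asterisk-style dial-pattern wildcards and the digit classes they stand for.
_CLASSES = {"X": "[0-9]", "Z": "[1-9]", "N": "[2-9]"}

def pattern_to_regex(pattern):
    """Translate one dial pattern into a compiled regex anchored at both ends."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch in _CLASSES:
            out.append(_CLASSES[ch])
        elif ch == "[":                       # explicit digit set, e.g. [2-4]
            end = pattern.index("]", i)
            body = pattern[i + 1:end]
            if not re.fullmatch(r"[0-9-]+", body):
                raise ValueError("bad set in pattern: " + pattern)
            out.append("[" + body + "]")
            i = end
        elif ch == ".":                       # one or more further characters
            out.append(".+")
        elif ch == "!":                       # zero or more further characters
            out.append(".*")
        else:
            out.append(re.escape(ch))         # literal digit, * or #
        i += 1
    return re.compile("^" + "".join(out) + "$")

# Hypothetical block list for the "Blocked" route.
BLOCKED_PATTERNS = [
    "1605NXXXXXX",   # area code 605, the one added in the post
    "605NXXXXXX",    # assumed variant: same area code dialled without the 1
    "1900NXXXXXX",   # constructed entry for illustration
]

def blocked_by(dialed, patterns=BLOCKED_PATTERNS):
    """Return the first pattern matching the dialed digits, or None."""
    digits = re.sub(r"\D", "", dialed)        # drop dashes, spaces, '+'
    for pattern in patterns:
        if pattern_to_regex(pattern).match(digits):
            return pattern
    return None

if __name__ == "__main__":
    # Constructed call attempts: (extension, dialed string).
    attempts = [("204", "16057251933"), ("204", "1-605-725-1933"),
                ("117", "12125550123"), ("117", "6055550123")]
    for ext, number in attempts:
        hit = blocked_by(number)
        print(ext, number, "BLOCKED by " + hit if hit else "allowed")
```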
So that means you can never call someone in South Dakota right?
That’s right, while we assess what is out there in Premium Rate Service numbers in that Area Code. Luckily this week’s breach was caught quickly and we only lost about $80. But with 40ish platforms a hack can get costly. I’ve had that day when we lost $7K in 15 minutes.
Have you ever considered not accepting INVITES sent to UDP/5060?
The real question here is, have you considered tightening the security on the systems? Because either the passwords are too easy to hack and simple generators are finding them or the system(s) itself is compromised in some way and that is how they are getting credentials. Which, by the way, wouldn’t matter about the port since they would already know by having access to things.
There is a big difference between “I was listening on 5060 and they used a dictionary attack on me” vs “I was listening on 9050 and they hacked my server and have passwords”. That would leave the follow-up of, how are these 40+ boxes being secured and set up? What is being left open to the public on them that isn’t being protected that they could get in through? Have the boxes themselves been compromised?
So your customers pay you to be their provider? They pay you directly for their usage? If so, you do not have the luxury of blocking US destinations within the 48 states. It’s illegal. You are not allowed to block destinations because they might cost you (the provider) more than you’d like. Your customers not being able to call a destination because it’s too much for you doesn’t matter. You eat the costs and that’s that.