Unsure if hacked


#1

hello.
I just tried to dial 555 to listen in on a call; when I get the system automated prompt “SIP 192” it gives a busy tone and repeats a couple of times, before going to “DAHDI 17”… etc… This prompted me to look at the call logs and there are 10,000s of 192 sip call, all about 10 seconds in duration.

I’m not a telecom guy, and have no knowledge of linux, etc, but what steps would you have me take to secure this; i can’t help think that this has been going on for years. as the call logs go back to 2012. I’m guessing that the system has been hacked many years ago, as I doubt the the system would auto dial an extension number that doesn’t exist (192).

Let me know what information (preferably with step-by-step instructions) to help troubleshoot this.

Lee


(Lorne Gaetz) #2

These are probably not intrusion attempts, any more than someone ringing your doorbell is a break-in attempt. Check Settings, Asterisk SIP Settings and ensure both Allow Anonymous and SIP Guests are disabled.


#3

Thanks for posting. I like the analogy!

I saw that the Guest was enable, but the Allow Anon was not. I disabled guests and hope that it will cease.

Thanks


(Lorne Gaetz) #4

Assuming I’m right, and these are just stray inbound calls, this tells us that your SIP signalling port(s) is open to untrusted traffic, and presumably you’re unaware of this. I would say this is a wakeup call to carefully review your system security.


#5

I appreciate the advice. However, I’m a nurse practitioner and not a telecom guy. This phone system was added to our office, and although it’s great for us (we can work from home) it begs me to wonder where the security flaws are…

Lee


(Dave Burgess) #6

Not flaws as much as incomplete setup.

https://wiki.freepbx.org/display/FOP/Remote+Phone+Best+Practices+and+Limitations

If you do not require “from anywhere” access (everyone with an extension is inside the LAN, coming in via VPN, or calling from “known IP” locations, you might want to review the following as well:

https://wiki.freepbx.org/display/FPG/Responsive+Firewall

When you have questions, drop back in here and we will try to help you.