Don’t really know where to post this topic. It is serious. I for sure don’t know if the vulnerability lies within the Asterisk system or FreePBX; I need some clarification here. This is my story: I am not a programmer but just an integrator.
I became a victim of VoIP hijack by unscrupulous humans that used my trunks to generate calls to certain area codes in the USA (313). I thought I should share this with the community. So as you are deploying your VoIP platform you need to take all the necessary measures in ensuring that your servers are secured. I am using FreePBX 2.5.1 in a productive environment. Fortunately for me, I got a call from a gentleman that is already aware of the vulnerability that VoIP platforms have, to tell me that my server has been hijacked and I should stop asking people for credit card numbers. Hmmmmm, innocent that I was, it made me stunned. I started arguing with him that it couldn’t have been my servers, so I was curious to know how in God’s name someone can hijack my EXTENSIONS to use them to launch calls through my trunks to several hundreds of people within a certain period. I decided to investigate.
sip show peers … found that my extensions were hijacked, bearing an external IP address that could be camouflaged. Tracing it will be a waste of time. From the little I know, I think your extensions should have your local IP address, for example 192.168.XXX.XXX or 10.XX.XX.XX blablabla.
Steps I took:
I immediately disabled the trunk… with that you could see the calls being launched in the CLI and your server will return all circuits are busy now.
Then I reconfigured my router, allowing what was needed to allow media and signalling to go through.
Ports: 5060-5061 and 10001-20000 all UDP
At this time amportal restart will not help.
The best option is to reboot your router and wait for your extensions to re-register, and I think you are good for the moment.
I monitored the server for 2hrs with tail -f /var/log/asterisk/full thinking the steps I took will help.
Wondering where and how the attack was made… it will really shed some light for us… need help.
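
The check described in the post (extensions listed by sip show peers should be registered from a local address), as an added example that is not part of the original post. The sample output, its column layout, the addresses and the trunk name "provider-trunk" are constructed assumptions; only 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are treated as local.

```python
import ipaddress

# Constructed sample of `asterisk -rx "sip show peers"` output (column layout
# assumed; addresses are documentation ranges, not values from the post).
SAMPLE = """\
Name/username              Host            Dyn Nat ACL Port     Status
101/101                    192.168.1.50     D   N      5060     OK (12 ms)
102/102                    203.0.113.77     D   N      5060     OK (180 ms)
103                        (Unspecified)    D   N      0        UNKNOWN
104/104                    10.0.0.23        D   N      5060     OK (8 ms)
provider-trunk/acct        198.51.100.10        N      5060     OK (40 ms)
5 sip peers [Monitored: 4 online, 1 offline Unmonitored: 0 online, 0 offline]
"""

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also accept
# documentation and other special-purpose ranges.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def suspicious_peers(output, trunk_names=()):
    """Return (peer, host) for each extension registered from a non-local IP."""
    flagged = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] == "Name/username":
            continue
        peer = fields[0].split("/")[0]
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # "(Unspecified)", the summary line, or a hostname
        if peer in trunk_names:
            continue  # trunks legitimately point at the provider's public IP
        if not any(addr in net for net in LOCAL_NETS):
            flagged.append((peer, str(addr)))
    return flagged


if __name__ == "__main__":
    for peer, host in suspicious_peers(SAMPLE, trunk_names=("provider-trunk",)):
        print(f"extension {peer} is registered from non-local address {host}")
```

Sites with legitimate remote extensions would need those peers added to the allow-list alongside the trunks.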