Where Should I Catch Hacker's Outgoing Calls

I have a script that runs when an outbound number is called. But I need to make sure that this script will be called when any call is made through one of my trunks. This script is basically a type of blacklist that will alert me if a number on my list is called. This is all working fine, and I currently initiate the check in the [macro-dialout-trunk-predial-hook] context. But I’m worried that if a hacker somehow gained access to my PBX the fraudulent calls they make may not pass through this hook. Is there a better place to run my code, or is this the best?

Your script will catch all calls made ‘normally’ on any trunk, e.g. if a hacker got the password for an extension, or if a dialplan vulnerability allowed an incoming call to be redirected to an external number.

However, nothing is completely secure. If the attacker got your SSH password or the login credentials for your VoIP provider, he could obviously make calls on your nickel regardless of how the PBX is set up.

Thanks. Yeah. It’s disappointing there is no perfect way to secure everything. This is basically just an attempt to get an early warning should one of my systems become compromised. At least it sounds like it should at least sometimes catch a breach.
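An added example, not part of the thread and not the poster's script: a second blacklist check that reads Asterisk's call detail records instead of relying on the predial hook, so a call that reached a trunk without passing through that context is still compared against the list. It assumes the cdr_csv backend with its default Master.csv column order, a blacklist of digit prefixes with the country code first, and 011/00 as international access codes; the blacklist entries and CDR rows are constructed.

```python
import csv
import io

# Column order assumed to be the cdr_csv default for Master.csv.
CDR_FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
              "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
              "duration", "billsec", "disposition", "amaflags", "uniqueid"]

BLACKLIST = ["8825550", "3715550"]   # constructed prefixes, country code first
INTL_PREFIXES = ("011", "00")        # assumed international access codes


def normalize(dialed):
    """Reduce a dialed string to digits, dropping any international access code."""
    digits = "".join(ch for ch in dialed if ch.isdigit())
    if dialed.strip().startswith("+"):
        return digits
    for prefix in INTL_PREFIXES:
        if digits.startswith(prefix):
            return digits[len(prefix):]
    return digits


def is_blacklisted(dialed, blacklist=BLACKLIST):
    number = normalize(dialed)
    return any(number.startswith(entry) for entry in blacklist)


def scan_cdr(csv_text, blacklist=BLACKLIST):
    """Return (start, src, dst, channel) for each CDR row that hits the blacklist."""
    hits = []
    for row in csv.reader(io.StringIO(csv_text)):
        rec = dict(zip(CDR_FIELDS, row))
        if is_blacklisted(rec.get("dst", ""), blacklist):
            hits.append((rec["start"], rec["src"], rec["dst"], rec["channel"]))
    return hits


# Constructed sample rows, not real call records.
SAMPLE_CDR = "\n".join([
    '"","201","12025550143","from-internal","201","SIP/201-00000001","SIP/trunk1-00000002","Dial","SIP/trunk1/12025550143","2024-01-05 09:02:11","2024-01-05 09:02:19","2024-01-05 09:05:40",209,201,"ANSWERED","DOCUMENTATION","1704445331.1"',
    '"","202","0118825550123","from-internal","202","SIP/202-00000003","SIP/trunk1-00000004","Dial","SIP/trunk1/0118825550123","2024-01-06 02:14:07","2024-01-06 02:14:15","2024-01-06 02:20:01",354,346,"ANSWERED","DOCUMENTATION","1704507247.3"',
    '"","203","003715550777","from-internal","203","SIP/203-00000005","SIP/trunk2-00000006","Dial","SIP/trunk2/003715550777","2024-01-06 02:31:40","","2024-01-06 02:31:52",12,0,"NO ANSWER","DOCUMENTATION","1704508300.5"',
])

if __name__ == "__main__":
    for hit in scan_cdr(SAMPLE_CDR):
        print("ALERT blacklisted destination:", hit)
```

Calls placed directly with the VoIP provider's login credentials never reach the PBX, so they appear in neither the hook nor these records; only the provider's own call records show them.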
