[VoiceOps] Weekend Fraud
J. Oquendo
joquendo at e-fensive.net
Mon Jun 17 15:22:39 EDT 2013
Interesting weekend. Client (has trunks with us) is running
about a dozen or so TOS3000's, two of them on different
(completely different) networks both got compromised. My
first guess is: crappy administration (username/password)
but there *may* be something else who knows. (Hardcoded
passwords, an exploit)
In either event, dumping these here, all fraudulent calls
that were placed. You'd notice you can see them try to
dial a 9+country code, 8+country code, and so forth. All
of these has 011 stripped ;) So when you see those top
two, its likely someone tried: 01101144xxxxxxxxxx
Hopefully others can get an idea on areas/countries to
block. CC'd to VoIPSec since some of us are there as well
and others aren't. Interested to know what other ITSPs
are doing with regards to having clients (who do trunks)
configure their PBXs and dialplans securely.
Maybe its time for a (non)NIST-SP-VOIP-BEST-PRACTICE
document?
--------------// DST numbers dialed (sorted uniquely)
011442070439799
011972598841890
22478111520
22478222520
25230221540
25240113280
25240113990
25240129690
25240213000
25240230440
25240700270
25240900880
25240901099
25240911012
25270000040
25270300410
25270600240
25270700940
25270903440
25299180970
25299273230
25299378600
254203038015
255411400630
255411410310
261200100030
261200300030
263771061040
263771301130
263772791140
263773446120
37125020620
37127971452
37168521352
37178519030
37181818200
37190603360
37270203290
37270231340
37745598028
441223916199
881800000040
881835211060
881835311940
881945110487
9011441223916199
9011442070439799
9011972598841890
901442070439799
9441223916199
96897893561
96897903038
972592204481
972592250961
972592663085
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
More information about the VoiceOps
mailing list