[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Asterisk/FreePBX disable international calls

Posted on 2010-03-24
5
Medium Priority
?
5,147 Views
Last Modified: 2013-12-21
We discovered late yesterday someone hacked into your phone system (Asterisk) and dialed international calls from 4pm-until early this morning when discovered.  We immediately secured the system by closing the firewall so that Asterisk will only talk to our VOIP provider outside of our network (short term solution).

Is there a simple way to create dialing rules or disable all international calls from the system?  Is there a way to track after the fact who connected to the phone system, IP address?  
In the research this morning I have not found anything that particularly addresses securing dialing outside of the US.  I found one post that had a ton of dialing rules for international going to a bogus trunk, however it did not cover Somalia  the destination of this attack.    There has to be a simple set of strings that can prevent the calls in the future.  Is it simply enough to create a bogus trunk and add international as the dialing string (9|011.)?  Note that I used 9| as we need to dial 9 to get out.
0
Comment
Question by:acasgar
5 Comments
 
LVL 6

Expert Comment

by:nasirbest
ID: 28450631
in FreePBX

1. Click to Create a custom trunk
2. put "Local/s@macro-hangupcall" in Custom Dial String  and save the trunk
3. Create a new route with following Dialling Role (if internation dialprefix in your country is 011)

011.

4. choose your custom trunk and save the route
5. save / reload asterisk
0
 
LVL 19

Expert Comment

by:feptias
ID: 28532593
I would think it is much more important to focus on how the outsider was able to "hack into your phone system" than to just try and add special dialing rules to limit what they can do once they are in.

If you want to adjust the dialing rules then usually the section to look at is Outbound Routes, not Trunks. Outbound Routes is where you can control the routing for numbers dialled from an extension. Do you know if the hacker is using the system as if they were on an extension phone or did they gain access through an IVR menu - possibly gaining access to the DISA feature? Do you have the DISA module installed and are there any DISA objects defined? What does the call log report show for the Channel and Source of the hacker's calls?

Note that you can add PIN or Route Password access restrictions on both DISA and Outbound Routes.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 28581477
I agree with Feptias, there must be something with the way the dialplan is configured that allowed an outside caller to place an outbound call, and it should be the priority to fix that first.

The dialing rules are determined by pattern matching as Feptias pointed out, not the trunk itself, unless your provider has placed call restrictions for you.

That being said...
"Is it simply enough to create a bogus trunk and add international as the dialing string (9|011.)?  Note that I used 9| as we need to dial 9 to get out. "....... yes that actually would work, but you would be restricting international for all outgoing calls on your pbx if you simply add a bogus pattern match, just FYI.

Example.... I block all 900 numbers on my pbx...like this.
[restricted]
exten => 900XXXXXXX,1,Hangup()

Check to see if you have a DISA() , that could certainly allow this to happen...but there are also other possiblities as well that have more to do with the way your dialplan is configured.

For example....
....using ...   _.X,  as a pattern matching extension on your outbound rules...means.... "EVERYTHING", not found in any another part of the dialplan.  It's a "catch-all"...

If you happen to have a Background() or WaitExten() applications, somewhere in your IVR.... a person could potentially dial an extension...like  902883772634, while in the app.... and if that extension isn't found in the same context, or anywhere else in the dialplan, it could place an outbound call by failing over to the "catch all" pattern match.

Also, ..it's possible to have a custom feature enabled in features.conf... that is allowed for "caller", on the incoming route.  If the feature is designed to deliver up DISA, or some other custom dialing function...  that's another way it could be done.

These examples, show how a caller wouldn't have to "hack" into the system to register a phone, but rather,...call into the system normally, from any phone, and achieve an outbound dial due to a misconfiguration.

Can you post some dialplan code for us ?
0
 
LVL 25

Accepted Solution

by:
Ron Malmstead earned 1500 total points
ID: 28581556
....sorry that was...

[restricted]
exten => _900XXXXXXX,1,Hangup()
0
 
LVL 2

Author Closing Comment

by:acasgar
ID: 32430442
We ended up going to broadvoice and disabling all international calls, we also closed the firewall so that trixbox could only go to broadvoice and no one else outside could connect to it (less than ideal).
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wanted to query Cisco Call Manager CDR records from MS SQL Server? Here's how! CUCM can be configured to upload a CDR file to a given FTP server every minute. This article will show you how to set this up, schedule the import of this data an…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Free Data Recovery software is an advanced solution from Kernel Tools to recover data and files such as documents, emails, database, media and pictures, etc. It supports recovery from physical & logical drive after a hard disk crash, accidental/inte…
Get the source code for a fully functional Access application shell with several popular security features that Access VBA application developers desire, but find difficult or impossible to figure out how to code. You get the source code for managi…
Suggested Courses

640 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question