We discovered late yesterday someone hacked into your phone system (Asterisk) and dialed international calls from 4pm-until early this morning when discovered. We immediately secured the system by closing the firewall so that Asterisk will only talk to our VOIP provider outside of our network (short term solution).
Is there a simple way to create dialing rules or disable all international calls from the system? Is there a way to track after the fact who connected to the phone system, IP address?
In the research this morning I have not found anything that particularly addresses securing dialing outside of the US. I found one post that had a ton of dialing rules for international going to a bogus trunk, however it did not cover Somalia the destination of this attack. There has to be a simple set of strings that can prevent the calls in the future. Is it simply enough to create a bogus trunk and add international as the dialing string (9|011.)? Note that I used 9| as we need to dial 9 to get out.