Link to home
Start Free TrialLog in
Avatar of acasgar
acasgar

asked on

Asterisk/FreePBX disable international calls

We discovered late yesterday someone hacked into your phone system (Asterisk) and dialed international calls from 4pm-until early this morning when discovered.  We immediately secured the system by closing the firewall so that Asterisk will only talk to our VOIP provider outside of our network (short term solution).

Is there a simple way to create dialing rules or disable all international calls from the system?  Is there a way to track after the fact who connected to the phone system, IP address?  
In the research this morning I have not found anything that particularly addresses securing dialing outside of the US.  I found one post that had a ton of dialing rules for international going to a bogus trunk, however it did not cover Somalia  the destination of this attack.    There has to be a simple set of strings that can prevent the calls in the future.  Is it simply enough to create a bogus trunk and add international as the dialing string (9|011.)?  Note that I used 9| as we need to dial 9 to get out.
Avatar of nasirbest
nasirbest
Flag of Pakistan image

in FreePBX

1. Click to Create a custom trunk
2. put "Local/s@macro-hangupcall" in Custom Dial String  and save the trunk
3. Create a new route with following Dialling Role (if internation dialprefix in your country is 011)

011.

4. choose your custom trunk and save the route
5. save / reload asterisk
Avatar of Member_2_1968385
I would think it is much more important to focus on how the outsider was able to "hack into your phone system" than to just try and add special dialing rules to limit what they can do once they are in.

If you want to adjust the dialing rules then usually the section to look at is Outbound Routes, not Trunks. Outbound Routes is where you can control the routing for numbers dialled from an extension. Do you know if the hacker is using the system as if they were on an extension phone or did they gain access through an IVR menu - possibly gaining access to the DISA feature? Do you have the DISA module installed and are there any DISA objects defined? What does the call log report show for the Channel and Source of the hacker's calls?

Note that you can add PIN or Route Password access restrictions on both DISA and Outbound Routes.
I agree with Feptias, there must be something with the way the dialplan is configured that allowed an outside caller to place an outbound call, and it should be the priority to fix that first.

The dialing rules are determined by pattern matching as Feptias pointed out, not the trunk itself, unless your provider has placed call restrictions for you.

That being said...
"Is it simply enough to create a bogus trunk and add international as the dialing string (9|011.)?  Note that I used 9| as we need to dial 9 to get out. "....... yes that actually would work, but you would be restricting international for all outgoing calls on your pbx if you simply add a bogus pattern match, just FYI.

Example.... I block all 900 numbers on my pbx...like this.
[restricted]
exten => 900XXXXXXX,1,Hangup()

Check to see if you have a DISA() , that could certainly allow this to happen...but there are also other possiblities as well that have more to do with the way your dialplan is configured.

For example....
....using ...   _.X,  as a pattern matching extension on your outbound rules...means.... "EVERYTHING", not found in any another part of the dialplan.  It's a "catch-all"...

If you happen to have a Background() or WaitExten() applications, somewhere in your IVR.... a person could potentially dial an extension...like  902883772634, while in the app.... and if that extension isn't found in the same context, or anywhere else in the dialplan, it could place an outbound call by failing over to the "catch all" pattern match.

Also, ..it's possible to have a custom feature enabled in features.conf... that is allowed for "caller", on the incoming route.  If the feature is designed to deliver up DISA, or some other custom dialing function...  that's another way it could be done.

These examples, show how a caller wouldn't have to "hack" into the system to register a phone, but rather,...call into the system normally, from any phone, and achieve an outbound dial due to a misconfiguration.

Can you post some dialplan code for us ?
ASKER CERTIFIED SOLUTION
Avatar of Ron Malmstead
Ron Malmstead
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of acasgar
acasgar

ASKER

We ended up going to broadvoice and disabling all international calls, we also closed the firewall so that trixbox could only go to broadvoice and no one else outside could connect to it (less than ideal).