Comments on: Asterisk PBX Hack Attack (or, how scammers hijacked my phone system to place unauthorized calls) http://deepliquid.com/blog/archives/19 Just another WordPress weblog Wed, 10 Mar 2010 17:39:16 +0000 http://wordpress.org/?v=2.7.1 hourly 1 By: RaiulBaztepo http://deepliquid.com/blog/archives/19/comment-page-1#comment-6730 RaiulBaztepo Sun, 29 Mar 2009 06:45:31 +0000 http://deepliquid.com/blog/?p=19#comment-6730 Hello! Very Interesting post! Thank you for such interesting resource! PS: Sorry for my bad english, I'v just started to learn this language ;) See you! Your, Raiul Baztepo Hello!
Very Interesting post! Thank you for such interesting resource!
PS: Sorry for my bad english, I’v just started to learn this language ;)
See you!
Your, Raiul Baztepo

]]> By: CocoonEx VOIP Service » Blog Archive » SIP HACKING… http://deepliquid.com/blog/archives/19/comment-page-1#comment-305 CocoonEx VOIP Service » Blog Archive » SIP HACKING… Wed, 12 Nov 2008 03:51:16 +0000 http://deepliquid.com/blog/?p=19#comment-305 [...] http://deepliquid.com/blog/archives/19 [...] [...] http://deepliquid.com/blog/archives/19 [...]

]]> By: admin http://deepliquid.com/blog/archives/19/comment-page-1#comment-36 admin Wed, 01 Oct 2008 16:43:16 +0000 http://deepliquid.com/blog/?p=19#comment-36 Thanks for posting your experiences. I did not contact abuse, but I also had no idea that this IP would be in business for so long. I've been consistently getting hits from people searching for that IP address, so this guy is prolific. I saw the IP address when so many calls were being placed, many were failing, and the IP address was in the error messages. (I did also subsequently see it in sip show peers.) These servers don't *appear* to be in the same location as mine, for whatever good geoIP lookup services are. Thanks for posting your experiences. I did not contact abuse, but I also had no idea that this IP would be in business for so long.

I’ve been consistently getting hits from people searching for that IP address, so this guy is prolific. I saw the IP address when so many calls were being placed, many were failing, and the IP address was in the error messages. (I did also subsequently see it in sip show peers.)

These servers don’t *appear* to be in the same location as mine, for whatever good geoIP lookup services are.

]]> By: Marco http://deepliquid.com/blog/archives/19/comment-page-1#comment-35 Marco Wed, 01 Oct 2008 16:03:38 +0000 http://deepliquid.com/blog/?p=19#comment-35 The same people abused my asterisk box, found it out after getting some calls from people, and from not being able to dial out. Found out that they were also using an extension which wasn't used. I changed the passwords, and it got quiet. They were making about 10 calls a minute, I think I found it out fast enough. Found their IP by using 'sip show peers', was easy to spot. Where is your server located? Mine is in the same datacenter as the box abusing my box, which makes things a little bit more 'fishy', I have a feeling they might have used sniffers. But that's just a guess right now. I did file it with abuse@theplanet.com, so hopefully something will come out of it. The same people abused my asterisk box, found it out after getting some calls from people, and from not being able to dial out.

Found out that they were also using an extension which wasn’t used. I changed the passwords, and it got quiet. They were making about 10 calls a minute, I think I found it out fast enough.

Found their IP by using ’sip show peers’, was easy to spot.

Where is your server located? Mine is in the same datacenter as the box abusing my box, which makes things a little bit more ‘fishy’, I have a feeling they might have used sniffers. But that’s just a guess right now.

I did file it with abuse@theplanet.com, so hopefully something will come out of it.

]]> By: Luke http://deepliquid.com/blog/archives/19/comment-page-1#comment-31 Luke Sat, 27 Sep 2008 15:45:35 +0000 http://deepliquid.com/blog/?p=19#comment-31 Hi there, Thank you for posting this to your blog, did you by chance contact the abuse? OrgAbuseHandle: ABUSE271-ARIN OrgAbuseName: The Planet Abuse OrgAbusePhone: +1-281-714-3560 OrgAbuseEmail: abuse@theplanet.com 216.40.234.82 I was happy I was able to Google your blog with the IP address, this server still seems to be doing the same old thing.. I had a couple extensions myself that were insecure and same deal.. I initially though it was another application but after about an 2 hours figured it out. I disabled my trunks during debugging. They got about 500 calls in early this morning. 5am on.. Hi there, Thank you for posting this to your blog, did you by chance contact the abuse?

OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName: The Planet Abuse
OrgAbusePhone: +1-281-714-3560
OrgAbuseEmail: abuse@theplanet.com
216.40.234.82

I was happy I was able to Google your blog with the IP address, this server still seems to be doing the same old thing.. I had a couple extensions myself that were insecure and same deal.. I initially though it was another application but after about an 2 hours figured it out. I disabled my trunks during debugging. They got about 500 calls in early this morning. 5am on..

]]>