
OXE HACKED BY INTERNET

Posted: 01 Aug 2014 06:19
by jpissot
Hello,

Yesterday, I've authorized access of my Oxe R11 to the Internet world. I've also configured a redirection of the port 5060 to the OXE. Because, I would like to test public SIP trunk but, for the moment, I've not configured the External gateway. I've only a local sip gateway configured for my sip phones and for the link with my otms.

This morning, I discover that you have received a lot of calls by the trunk sip (9500 calls). The calling number is 0100 and the call type is PrivateNetworkIncomingCall (on accounting ticket)
On accounting ticket, I find also outgoing calls by my T2 trunk to international numbers (Macedonia, Israel, ...). The call type is ISDNCircuitSwitchedCall.

Do you know how the hackers get through my trunk sip to calls by my ISDN trunk? For information, the operator phone had a lot of calls of 0100.


Example of tickets :
----[/DHS3dyn/account/TAXADJDD.DAT : Ticket number 601/601/607]-----------------
(00) TicketVersion = ED5.2 (01) CalledNumber = 0100
(02) ChargedNumber = FS110 (03) ChargedUserName = SIP
(04) ChargedCostCenter = (05) ChargedCompany =
(06) ChargedPartyNode = 103 (07) Subaddress =
(08) CallingNumber =
(09) CallType = PrivateNetworkIncomingCall
(10) CostType = Unspecified (11) EndDateTime = 20140801 07:27:54
(12) ChargeUnits = 0 (13) CostInfo = 0
(14) Duration = 0 (15) TrunkIdentity = 629
(16) TrunkGroupIdentity = 110 (17) TrunkNode = 103
(18) PersonalOrBusiness = Normal (19) AccessCode =
(20) SpecificChargeInfo = (21) BearerCapability = Speech
(22) HighLevelComp = Telephony (23) DataVolume = 0
(24) UserToUserVolume = 0 (25) ExternFacilities =
(26) InternFacilities = OperatorFacility
(27) CallReference = 0 (28) SegmentsRate1 = 0
(29) SegmentsRate2 = 0 (30) SegmentsRate3 = 0
(31) ComType = Voice (32) X25IncomingFlowRate = Unspecified
(33) X25OutgoingFlowRate = Unspecified (34) Carrier = 0
(35) InitialDialledNumber = 00393199 (36) WaitingDuration = 1
(37) EffectiveCallDuration = 0 (38) RedirectedCallIndicator = 1
(39) StartDateTime = 20140801 07:27:54 (40) ActingExtensionNumber =
(41) CalledNumberNode = 9999 (42) CallingNumberNode = 9999
(43) InitialDialledNumberNode = 9999 (44) ActingExtensionNumberNode = 9999
(45) TransitTrunkGroupIdentity = 32767 (46) NodeTimeOffset = 0
(47) TimeDlt = 0

----[/DHS3dyn/account/TAXADJDD.DAT : Ticket number 602/602/607]-----------------
(00) TicketVersion = ED5.2 (01) CalledNumber = 00393199053246
(02) ChargedNumber = FS110 (03) ChargedUserName = SIP
(04) ChargedCostCenter = (05) ChargedCompany =
(06) ChargedPartyNode = 103 (07) Subaddress =
(08) CallingNumber = (09) CallType = Unspecified
(10) CostType = ISDNCircuitSwitchedCall (11) EndDateTime = 20140801 07:27:54
(12) ChargeUnits = 0 (13) CostInfo = 0
(14) Duration = 0 (15) TrunkIdentity = 4
(16) TrunkGroupIdentity = 100 (17) TrunkNode = 103
(18) PersonalOrBusiness = Normal (19) AccessCode =
(20) SpecificChargeInfo = (21) BearerCapability = Speech
(22) HighLevelComp = Telephony (23) DataVolume = 0
(24) UserToUserVolume = 0
(25) ExternFacilities = CallingLineIdentificationPresentation
(26) InternFacilities = Transit ARSService
(27) CallReference = 0 (28) SegmentsRate1 = 0
(29) SegmentsRate2 = 0 (30) SegmentsRate3 = 0
(31) ComType = Voice (32) X25IncomingFlowRate = Unspecified
(33) X25OutgoingFlowRate = Unspecified (34) Carrier = 0
(35) InitialDialledNumber = 00393199053246
(36) WaitingDuration = 0 (37) EffectiveCallDuration = 0
(38) RedirectedCallIndicator = 0 (39) StartDateTime = 20140801 07:27:54
(40) ActingExtensionNumber = (41) CalledNumberNode = 9999
(42) CallingNumberNode = 9999 (43) InitialDialledNumberNode = 9999
(44) ActingExtensionNumberNode = 9999 (45) TransitTrunkGroupIdentity = 32767
(46) NodeTimeOffset = 0 (47) TimeDlt = 0

----[/DHS3dyn/account/TAXADJDD.DAT : Ticket number 603/603/607]-----------------
(00) TicketVersion = ED5.2 (01) CalledNumber = 00393199053246
(02) ChargedNumber = FS110 (03) ChargedUserName = SIP
(04) ChargedCostCenter = (05) ChargedCompany =
(06) ChargedPartyNode = 103 (07) Subaddress =
(08) CallingNumber = (09) CallType = Unspecified
(10) CostType = ISDNCircuitSwitchedCall (11) EndDateTime = 20140801 07:28:03
(12) ChargeUnits = 0 (13) CostInfo = 0
(14) Duration = 0 (15) TrunkIdentity = 6
(16) TrunkGroupIdentity = 100 (17) TrunkNode = 103
(18) PersonalOrBusiness = Normal (19) AccessCode =
(20) SpecificChargeInfo = (21) BearerCapability = Speech
(22) HighLevelComp = Telephony (23) DataVolume = 0
(24) UserToUserVolume = 0
(25) ExternFacilities = CallingLineIdentificationPresentation
(26) InternFacilities = Transit ARSService
(27) CallReference = 0 (28) SegmentsRate1 = 0
(29) SegmentsRate2 = 0 (30) SegmentsRate3 = 0
(31) ComType = Voice (32) X25IncomingFlowRate = Unspecified
(33) X25OutgoingFlowRate = Unspecified (34) Carrier = 0
(35) InitialDialledNumber = 00393199053246
(36) WaitingDuration = 0 (37) EffectiveCallDuration = 0
(38) RedirectedCallIndicator = 0 (39) StartDateTime = 20140801 07:28:03
(40) ActingExtensionNumber = (41) CalledNumberNode = 9999
(42) CallingNumberNode = 9999 (43) InitialDialledNumberNode = 9999
(44) ActingExtensionNumberNode = 9999 (45) TransitTrunkGroupIdentity = 32767
(46) NodeTimeOffset = 0 (47) TimeDlt = 0

----[/DHS3dyn/account/TAXADJDD.DAT : Ticket number 604/604/607]-----------------
(00) TicketVersion = ED5.2 (01) CalledNumber = 0023221101438
(02) ChargedNumber = FS110 (03) ChargedUserName = SIP
(04) ChargedCostCenter = (05) ChargedCompany =
(06) ChargedPartyNode = 103 (07) Subaddress =
(08) CallingNumber = (09) CallType = Unspecified
(10) CostType = ISDNCircuitSwitchedCall (11) EndDateTime = 20140801 07:28:16
(12) ChargeUnits = 0 (13) CostInfo = 0
(14) Duration = 0 (15) TrunkIdentity = 6
(16) TrunkGroupIdentity = 100 (17) TrunkNode = 103
(18) PersonalOrBusiness = Normal (19) AccessCode =
(20) SpecificChargeInfo = (21) BearerCapability = Speech
(22) HighLevelComp = Telephony (23) DataVolume = 0
(24) UserToUserVolume = 0
(25) ExternFacilities = CallingLineIdentificationPresentation
(26) InternFacilities = Transit ARSService
(27) CallReference = 0 (28) SegmentsRate1 = 0
(29) SegmentsRate2 = 0 (30) SegmentsRate3 = 0
(31) ComType = Voice (32) X25IncomingFlowRate = Unspecified
(33) X25OutgoingFlowRate = Unspecified (34) Carrier = 0
(35) InitialDialledNumber = 0023221101438
(36) WaitingDuration = 0 (37) EffectiveCallDuration = 0
(38) RedirectedCallIndicator = 0 (39) StartDateTime = 20140801 07:28:16
(40) ActingExtensionNumber = (41) CalledNumberNode = 9999
(42) CallingNumberNode = 9999 (43) InitialDialledNumberNode = 9999
(44) ActingExtensionNumberNode = 9999 (45) TransitTrunkGroupIdentity = 32767
(46) NodeTimeOffset = 0 (47) TimeDlt = 0

I have deleted the redirection of the port 5060 and since I

Re: OXE HACKED BY INTERNET

Posted: 01 Aug 2014 09:35
by cavagnaro
Lol...so...firewall? neee .... SBC?? nee.....activate security on SIP?? Neeee...
There are thousands of hackers everyday scanning for port 5060...the most obvious one...
Get a security expert consultant to advise you how to put your OXE on internet. First step...just don't.

Re: OXE HACKED BY INTERNET

Posted: 02 Aug 2014 07:41
by tgn
hehe... some time ago, i've placed a debian-asterisk installation with port 5060 in the internet world.... after this i've got a default-password list in my log-file. the initiator was an ip address from china... but he has no success ;)

that's why i say never do connect an oxe system without an sbc...

regards...
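
The accounting tickets in the first post show the pattern to look for: tickets charged to the SIP trunk (ChargedUserName = SIP) that leave on the ISDN trunk in transit to international numbers. The following is an added example, not part of the thread and not Alcatel-Lucent code. It parses a dump in that layout and lists such tickets; the sample tickets are constructed, and the "00" international prefix is an assumption taken from the numbers shown above.

```python
import re
from collections import Counter

HEADER = re.compile(r"^-+\[.*Ticket number (\d+)/")
# One or two "(NN) Name = value" pairs per line; a value may be empty.
FIELD = re.compile(r"\((\d{2})\)\s+(\w+)\s*=\s*(.*?)(?=\s*\(\d{2}\)\s+\w+\s*=|$)")

def parse_tickets(dump):
    """Split a ticket dump into one {field name: value} dict per ticket."""
    tickets = []
    for line in dump.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            tickets.append({"TicketNumber": m.group(1)})
        elif tickets:
            for _, name, value in FIELD.findall(line):
                tickets[-1][name] = value.strip()
    return tickets

def call_kinds(t):
    # The dump above shows the call kind under CallType or CostType, so check both.
    return {t.get("CallType"), t.get("CostType")}

def is_transit_toll_call(t, intl_prefix="00"):  # "00" prefix is an assumption
    """Outgoing ISDN call placed in transit and charged to the SIP trunk."""
    return (t.get("ChargedUserName") == "SIP"
            and "ISDNCircuitSwitchedCall" in call_kinds(t)
            and "Transit" in t.get("InternFacilities", "")
            and t.get("CalledNumber", "").startswith(intl_prefix))

def summarize(dump, prefix_len=5):
    tickets = parse_tickets(dump)
    hits = [t for t in tickets if is_transit_toll_call(t)]
    return {"tickets": len(tickets),
            "sip_incoming": sum("PrivateNetworkIncomingCall" in call_kinds(t) for t in tickets),
            "transit_international": [t["TicketNumber"] for t in hits],
            "by_prefix": Counter(t["CalledNumber"][:prefix_len] for t in hits)}

# Constructed sample in the same layout (numbers and path are made up).
SAMPLE = """\
----[/tmp/sample.DAT : Ticket number 1/1/3]-----
(01) CalledNumber = 0100 (03) ChargedUserName = SIP
(08) CallingNumber =
(09) CallType = PrivateNetworkIncomingCall
(10) CostType = Unspecified (26) InternFacilities = OperatorFacility
----[/tmp/sample.DAT : Ticket number 2/2/3]-----
(01) CalledNumber = 0099900000001 (03) ChargedUserName = SIP
(08) CallingNumber = (09) CallType = Unspecified
(10) CostType = ISDNCircuitSwitchedCall (11) EndDateTime = 20140801 07:27:54
(26) InternFacilities = Transit ARSService
----[/tmp/sample.DAT : Ticket number 3/3/3]-----
(01) CalledNumber = 0099900000002 (03) ChargedUserName = Reception
(08) CallingNumber = 3001 (09) CallType = Unspecified
(10) CostType = ISDNCircuitSwitchedCall (26) InternFacilities =
"""
```

Running `summarize()` over a real ticket export gives the list of ticket numbers to check against the carrier's bill and the destination prefixes to consider barring on the SIP trunk's outgoing rights.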