Interesting weekend. Client (has trunks with us) is running about a dozen or so TOS3000's, two of them on different (completely different) networks both got compromised. My first guess is: crappy administration (username/password) but there *may* be something else who knows. (Hardcoded passwords, an exploit) In either event, dumping these here, all fraudulent calls that were placed. You'd notice you can see them try to dial a 9+country code, 8+country code, and so forth. All of these has 011 stripped ;) So when you see those top two, its likely someone tried: 01101144xxxxxxxxxx Hopefully others can get an idea on areas/countries to block. CC'd to VoIPSec since some of us are there as well and others aren't. Interested to know what other ITSPs are doing with regards to having clients (who do trunks) configure their PBXs and dialplans securely. Maybe its time for a (non)NIST-SP-VOIP-BEST-PRACTICE document? --------------// DST numbers dialed (sorted uniquely) 011442070439799 011972598841890 22478111520 22478222520 25230221540 25240113280 25240113990 25240129690 25240213000 25240230440 25240700270 25240900880 25240901099 25240911012 25270000040 25270300410 25270600240 25270700940 25270903440 25299180970 25299273230 25299378600 254203038015 255411400630 255411410310 261200100030 261200300030 263771061040 263771301130 263772791140 263773446120 37125020620 37127971452 37168521352 37178519030 37181818200 37190603360 37270203290 37270231340 37745598028 441223916199 881800000040 881835211060 881835311940 881945110487 9011441223916199 9011442070439799 9011972598841890 901442070439799 9441223916199 96897893561 96897903038 972592204481 972592250961 972592663085 -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM "Where ignorance is our master, there is no possibility of real peace" - Dalai Lama 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF