    FreePBX hardening ...

    IT Discussion
    freepbx
    24 Posts 8 Posters 1.6k Views
    • Dashrender @scottalanmiller

      @scottalanmiller said in FreePBX hardening ...:

      @marcinozga said in FreePBX hardening ...:

      @IRJ The scenario described above doesn't look like an automated attack, and it's rather unlikely bots would be exploiting PBX to make international calls.

      Actually that's exactly what is done. Bots setting up calls.

      I'm curious - to what end? what's the benefit to them?

      • Skyetel @Dashrender

        @Dashrender said in FreePBX hardening ...:

        @scottalanmiller said in FreePBX hardening ...:

        @marcinozga said in FreePBX hardening ...:

        @IRJ The scenario described above doesn't look like an automated attack, and it's rather unlikely bots would be exploiting PBX to make international calls.

        Actually that's exactly what is done. Bots setting up calls.

        I'm curious - to what end? what's the benefit to them?

        Typically bots will call international Toll Free numbers where fraudsters can charge insanely high per-min rates. Toll Fraud (its official name) can be insanely expensive (like $100k phone bill expensive). We are pretty insane with our fraud prevention to avoid this.

        Edit - we describe the kinds of fraud we've seen here: https://skyetel.atlassian.net/wiki/spaces/SUG/pages/243761174/High+Cost+Calling
        It also describes how our fraud prevention works.

        • scottalanmiller @Dashrender

          @Dashrender said in FreePBX hardening ...:

          @scottalanmiller said in FreePBX hardening ...:

          @marcinozga said in FreePBX hardening ...:

          @IRJ The scenario described above doesn't look like an automated attack, and it's rather unlikely bots would be exploiting PBX to make international calls.

          Actually that's exactly what is done. Bots setting up calls.

          I'm curious - to what end? what's the benefit to them?

          It's big money. Huge money. If you hack a phone system and get free calling to high cost places, then sell that to people making calls at low rates, you can undercut other phone carriers, and pay nothing. So the profit on it is huge.

          Imagine being able to run a whole phone company, at essentially zero cost.

          • Skyetel @scottalanmiller

            @scottalanmiller said in FreePBX hardening ...:

            @Dashrender said in FreePBX hardening ...:

            @scottalanmiller said in FreePBX hardening ...:

            @marcinozga said in FreePBX hardening ...:

            @IRJ The scenario described above doesn't look like an automated attack, and it's rather unlikely bots would be exploiting PBX to make international calls.

            Actually that's exactly what is done. Bots setting up calls.

            I'm curious - to what end? what's the benefit to them?

            It's big money. Huge money. If you hack a phone system and get free calling to high cost places, then sell that to people making calls at low rates, you can undercut other phone carriers, and pay nothing. So the profit on it is huge.

            Imagine being able to run a whole phone company, at essentially zero cost.

            Or sell illegal calling cards. That's really common too.

            • scottalanmiller @Skyetel

              @Skyetel said in FreePBX hardening ...:

              @scottalanmiller said in FreePBX hardening ...:

              @Dashrender said in FreePBX hardening ...:

              @scottalanmiller said in FreePBX hardening ...:

              @marcinozga said in FreePBX hardening ...:

              @IRJ The scenario described above doesn't look like an automated attack, and it's rather unlikely bots would be exploiting PBX to make international calls.

              Actually that's exactly what is done. Bots setting up calls.

              I'm curious - to what end? what's the benefit to them?

              It's big money. Huge money. If you hack a phone system and get free calling to high cost places, then sell that to people making calls at low rates, you can undercut other phone carriers, and pay nothing. So the profit on it is huge.

              Imagine being able to run a whole phone company, at essentially zero cost.

              Or sell illegal calling cards. That's really common too.

              Yeah, I imagine that is the main way of selling that kind of service.

              • Skyetel

                Another really common type of Fraud is actually Inbound. Some companies will actually pay people to deliver calls to Toll Free numbers. (This is because Toll Free carriers give kickbacks to the parties who send calls to them). This makes it so that if a party calls a Toll Free number, they'll get a (very very small) per-min kickback. If they call enough Toll Free numbers and keep them on the line for a long time, they can make a lot of money.

                So if you have any Toll Free numbers, make sure they go to an IVR or a Voicemail box that has a timeout :).

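A defender-side check for the two fraud patterns described in this thread, outbound international calls from a compromised PBX and long-held inbound calls to your own toll-free numbers, written as an added example; it is not code posted by Skyetel or anyone in the thread, nor part of FreePBX. It assumes the standard Asterisk cdr_csv Master.csv column order; the sample records, the 011 international prefix, the off-hours window, the 30-minute hold threshold and the toll-free DID are all constructed.

```python
import csv
import io
from datetime import datetime

# Standard Asterisk cdr_csv Master.csv column order (assumed; check your install).
COLUMNS = ["accountcode", "src", "dst", "dcontext", "clid", "channel", "dstchannel",
           "lastapp", "lastdata", "start", "answer", "end", "duration", "billsec",
           "disposition", "amaflags", "uniqueid", "userfield"]

# Constructed sample: a normal daytime call, a 96-minute international call
# from extension 201 at 02:14, and two one-hour inbound calls to a toll-free DID.
SAMPLE_CDR = '''\
"","201","5551234567","from-internal","201","PJSIP/201-1","PJSIP/trunk-2","Dial","","2024-03-11 10:02:11","2024-03-11 10:02:15","2024-03-11 10:06:15","244","240","ANSWERED","3","1710151331.1",""
"","201","011441234567890","from-internal","201","PJSIP/201-3","PJSIP/trunk-4","Dial","","2024-03-12 02:14:01","2024-03-12 02:14:05","2024-03-12 03:50:05","5764","5760","ANSWERED","3","1710209641.2",""
"","2125550100","8005550199","from-trunk","2125550100","PJSIP/trunk-5","","VoiceMail","","2024-03-12 02:20:00","2024-03-12 02:20:02","2024-03-12 03:20:02","3602","3600","ANSWERED","3","1710210000.3",""
"","2125550101","8005550199","from-trunk","2125550101","PJSIP/trunk-6","","VoiceMail","","2024-03-12 02:21:00","2024-03-12 02:21:02","2024-03-12 03:21:02","3602","3600","ANSWERED","3","1710210060.4",""
'''


def flag_cdrs(cdr_text, toll_free_dids, intl_prefix="011", off_hours=(22, 6),
              max_hold_sec=1800):
    """Return (uniqueid, reason) pairs for the two patterns in the thread:
    outbound international calls placed off-hours (a compromised PBX being
    used to resell minutes) and inbound calls to our toll-free DIDs held far
    past any legitimate IVR or voicemail timeout (traffic pumping)."""
    flagged = []
    for row in csv.DictReader(io.StringIO(cdr_text), fieldnames=COLUMNS):
        if row["disposition"] != "ANSWERED":
            continue
        hour = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S").hour
        off_hours_call = hour >= off_hours[0] or hour < off_hours[1]
        outbound_intl = (row["dcontext"] == "from-internal"
                         and row["dst"].startswith(intl_prefix))
        inbound_tollfree = (row["dcontext"] == "from-trunk"
                            and row["dst"] in toll_free_dids)
        if outbound_intl and off_hours_call:
            flagged.append((row["uniqueid"], "intl-offhours"))
        elif inbound_tollfree and int(row["billsec"]) >= max_hold_sec:
            flagged.append((row["uniqueid"], "tollfree-held"))
    return flagged


if __name__ == "__main__":
    for uid, reason in flag_cdrs(SAMPLE_CDR, {"8005550199"}):
        print(uid, reason)
```

Run it against /var/log/asterisk/cdr-csv/Master.csv on a schedule and alert on any hit; the off-hours and hold thresholds should be tuned to the site's real calling pattern.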
                • JaredBusch @Skyetel

                  @Skyetel said in FreePBX hardening ...:

                  @scottalanmiller said in FreePBX hardening ...:

                  @Dashrender said in FreePBX hardening ...:

                  @scottalanmiller said in FreePBX hardening ...:

                  @marcinozga said in FreePBX hardening ...:

                  @IRJ The scenario described above doesn't look like an automated attack, and it's rather unlikely bots would be exploiting PBX to make international calls.

                  Actually that's exactly what is done. Bots setting up calls.

                  I'm curious - to what end? what's the benefit to them?

                  It's big money. Huge money. If you hack a phone system and get free calling to high cost places, then sell that to people making calls at low rates, you can undercut other phone carriers, and pay nothing. So the profit on it is huge.

                  Imagine being able to run a whole phone company, at essentially zero cost.

                  Or sell illegal calling cards. That's really common too.

                  Or simply being the telco charging the high rate. You set up bots to call into your system and sit there holding the connection.

                  • JaredBusch @JaredBusch

                    @JaredBusch said in FreePBX hardening ...:

                    So I tested.

                    The codes do appear to work on an inbound call, contrary to what that patch shows.

                    I cannot make it transfer in such a way as my inbound call stays on the call though.

                    But I can make the recipient side, such as my extension, be connected to some random number, potentially causing toll charges.

                    1. Call DID
                    2. Press *2 or ##
                    3. Hear "transfer" and then dialtone.
                    4. Dial a valid number
                    5. Call is connected.

                    I would expect that *2 attended transfer could be abused like this, but I could not get it to talk.

                    Hahahaha wait... I was testing from another FreePBX system. As that was an outbound call, of course it was allowed to make the transfer...

                    So I disabled *2 and ## on the PBX I was calling out from.

                    No, I cannot dial in to a FreePBX system and make this work.

                    Totally patched 3 years ago.

                    • BraswellJay @JaredBusch

                      @JaredBusch said in FreePBX hardening ...:

                      @BraswellJay said in FreePBX hardening ...:

                      It appears that as currently set up, our FreePBX instance would suffer from this same kind of attack.

                      I would love it if you can prove this.

                      Because this was patched 3 years ago.

                      Just to follow up, I guess I effed up. I thought I had successfully done this but as you said it is not possible.

                      • flaxking @marcinozga

                        @marcinozga said in FreePBX hardening ...:

                        @IRJ The scenario described above doesn't look like an automated attack, and it's rather unlikely bots would be exploiting PBX to make international calls.

                        I think this is the first episode of the Darknet Diaries
