Strange PBX CDR Entries



  • So here's a sample from my one extension FreePBX lab box. With my one experience with toll fraud at my last company, I'm quite interested in figuring out what's going on.
    0_1538534846428_9c54b703-710b-4d6b-aabd-5681d32e85f0-image.png

    Looking at voip.ms and seeing 4 total calls for today (time in the above picture is UTC), this looks like traffic isn't coming from or going out the PSTN.

    Here is the detail for the first entry from the above log.
    0_1538535044975_41ef79e3-13f7-464d-8cd4-bcdf4c61d135-image.png

    My suspicion (because of the from-sip-external) context, is this is a SIP request from $badBot trying to make a call to extension 9121. . .

    From my SIP settings (pretty sure this is default for FreePBX), it looks like I do allow guests, but not anonymous inbound SIP calls.
    0_1538535425665_1f9662c9-1a91-4e56-b6cd-32ade950ab7d-image.png

    Is my suspicion right?



  • @eddiejennings said in Strange PBX CDR Entries:

    So here's a sample from my one extension FreePBX lab box. With my one experience with toll fraud at my last company, I'm quite interested in figuring out what's going on.
    0_1538534846428_9c54b703-710b-4d6b-aabd-5681d32e85f0-image.png

    Looking at voip.ms and seeing 4 total calls for today (time in the above picture is UTC), this looks like traffic isn't coming from or going out the PSTN.

    Here is the detail for the first entry from the above log.
    0_1538535044975_41ef79e3-13f7-464d-8cd4-bcdf4c61d135-image.png

    My suspicion (because of the from-sip-external) context, is this is a SIP request from $badBot trying to make a call to extension 9121. . .

    From my SIP settings (pretty sure this is default for FreePBX), it looks like I do allow guests, but not anonymous inbound SIP calls.
    0_1538535425665_1f9662c9-1a91-4e56-b6cd-32ade950ab7d-image.png

    Is my suspicion right?

    This is correct. You don't want that on unless you plan to setup direct SIP URI calling, not through a trunk.



  • I've disallowed SIP guests. We'll see if I get future CDR entries like these.



  • @eddiejennings said in Strange PBX CDR Entries:

    I've disallowed SIP guests. We'll see if I get future CDR entries like these.

    You won't.