Ghosts? Hackers?

Hi

Maybe this case could be off-topic, but indeed it is related to an Asterisk system.

At my office, we have an Asterisk 1.4.0 server placed in a private network behind a firewall appliance and, obviously, iptables running on the Asterisk server. The VoIP phones (Polycom 330) are all in the same private network as well. There is no way to access this system from another network; we don't have foreign SIP users or anything like that.

Today I saw something pretty odd: the phone beside my desktop unexpectedly started to dial (speaker on) several times, and there wasn't any person dialing.

I don't believe in ghosts; I think that someone broke my security and hacked this phone.

I checked the phone, the logs on the server, and the firewall, and found nothing. The only evidence is the CDR records showing three completed calls.

I would appreciate it very much if someone could give me an idea about what could have happened.

Regards

Partisano

Do a SIP trace. See what IP the traffic is coming from. Check the logs. Are you sure there is no access to the server from the net?
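
Once a SIP trace has been saved as text, the "see what IP the traffic is coming from" step suggested above can be scripted. The following is an added example, not part of the original thread: it tallies received SIP requests per source IP and lists any source outside the phone LAN. The `<--- SIP read from ... --->` header format, the 192.168.10.0/24 subnet and the sample trace are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the private LAN that holds the server and the phones.
TRUSTED_NET = ipaddress.ip_network("192.168.10.0/24")
# Assumption: header line the SIP debug output prints before each received packet.
READ_HDR = re.compile(r"^<--- SIP read from (?:\w+:)?(\d+\.\d+\.\d+\.\d+):\d+ --->")
# A SIP request start line: METHOD, request URI, protocol version.
REQUEST_LINE = re.compile(r"^([A-Z]+) sip:\S+ SIP/2\.0")

# Constructed sample trace, not captured from a real system.
SAMPLE_TRACE = """\
<--- SIP read from 192.168.10.21:5060 --->
REGISTER sip:192.168.10.5 SIP/2.0
Via: SIP/2.0/UDP 192.168.10.21:5060;branch=z9hG4bK-a1

<--- SIP read from 203.0.113.77:5071 --->
INVITE sip:0015550100@192.168.10.5 SIP/2.0
Via: SIP/2.0/UDP 203.0.113.77:5071;branch=z9hG4bK-b2

<--- SIP read from 192.168.10.21:5060 --->
SIP/2.0 200 OK

<--- SIP read from 203.0.113.77:5071 --->
INVITE sip:0015550101@192.168.10.5 SIP/2.0
"""

def requests_by_source(trace):
    """Count received SIP requests, keyed by (source_ip, method)."""
    counts = Counter()
    src = None  # set while waiting for the start line of a received packet
    for line in trace.splitlines():
        hdr = READ_HDR.match(line)
        if hdr:
            src = hdr.group(1)
        elif src and line.strip():
            req = REQUEST_LINE.match(line)  # responses ("SIP/2.0 200 OK") do not match
            if req:
                counts[(src, req.group(1))] += 1
            src = None  # only the first line after the header is the start line
    return counts

def untrusted_sources(counts, trusted=TRUSTED_NET):
    """Source IPs that sent requests from outside the trusted network."""
    return sorted({ip for ip, _ in counts if ipaddress.ip_address(ip) not in trusted})

if __name__ == "__main__":
    tally = requests_by_source(SAMPLE_TRACE)
    for (ip, method), n in sorted(tally.items()):
        print(f"{ip:15} {method:8} {n}")
    print("outside LAN:", untrusted_sources(tally))
```

Any INVITE whose source is outside the trusted subnet can then be matched by time against the three completed calls in the CDR.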