Our asterisk box was hacked into and some international calls were made. The voice provider picked it up and disabled international dialling.
In the CDR logs I can see the extension that was used to make these calls but what other logs could assist me to trying to figure out how the hack happened. I am looking for what IP address registered onto this extension or any other useful information.
Any help would be appreciated.