Need help - PBX was hacked.

Status
Not open for further replies.

Noob2012

Technical User
Dec 22, 2012
3
CA
Our telco has discontinued our LD service because of calls made to certain numbers.
I had played around with SIP extensions on a 3300 (MCD 5.0), but I did not use any security (passwords etc.); I just toyed with them and never used them much, but a few stations had softphones connected (X-Lite). When I did a quick look at all programmed IP sets, I saw many of these sets connected with our internal IP range, but 4 were using the same external/foreign IP. That reminded me that I had just enabled VoIP options on our SonicWall firewall to this IP (Mitel); I was going to try using a Polycom SIP set externally, instead of teleworkers. I left this firewall rule enabled and believe this is how the calls were placed.
MY QUESTION is: how can I check where a call to a specific number was placed? I.e., 2220202020 was called by ext 3000 at 15:11:34 2012/12/20 or something. I can be sure that our 'hole' was plugged.

Thank you in advance.
 
SMDR records. They are buffered, but it depends on how long ago the calls were made... You connect by telnet on port 1752 using TCP/IP streaming (it also downloads the buffer). You can also record to a file using PuTTY or something similar.
 
So if the calls were made yesterday, and I don't/didn't have anything attached and buffering the SMDR info, I have nothing historic to investigate?

Thanks for the awesomely quick response BTW!

T
 
Depends on how many calls have been made, but you will have calls in the buffer... Just telnet into 1752 and see what you get; you won't do any harm.
 
I tried that, but didn't get any type of response in telnet or in PuTTY. I checked the SMDR settings in System feature Settings -> SMDR Options, and the only thing set to yes in there is 'SMDR Meter Unit per Station'. Are there specific commands to use once the connection is established?

T
 
Check extensions' class of service to see if they have it enabled or not... Nope, I've only ever logged in with telnet (using PuTTY to 1752 and the 3300's IP address) and it just streams any information, either from the buffer or from calls being made...
 
If COS is configured to log SMDR and you know the number dialed, from maintenance type logs read smdr all match and the number dialed. As stated before, the log buffer is only so many records.
 
The SMDR buffer is 20,000 call records by default, so I wouldn't be concerned with losing records.

SMDR does have to be enabled to track calls and I would assume it was not.

**********************************************
What's most important is that you realise ... There is no spoon.
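
One way to record the stream described in the replies above and search it for a single dialed number, as an added example that is not part of the original thread. It treats each SMDR record as an opaque text line because the thread does not give the record layout; the function names and the sample lines are constructed for illustration.

```python
import socket

SMDR_PORT = 1752  # TCP port named in the thread

# Constructed sample lines: NOT the real Mitel SMDR column layout.
SAMPLE = [
    "12/20 15:09 0000:00:41 3001 95550100 T002",
    "12/20 15:11 0000:02:14 3000 92220202020 T001",
    "12/20 15:20 0000:01:03 3002 2220 T003",
]


def digits(text):
    """Keep only 0-9 so '222-020-2020' and '2220202020' compare equal."""
    return "".join(ch for ch in text if ch.isdigit())


def matching_records(lines, dialed):
    """Return records where one whitespace-separated field contains the number.

    Matching per field (not per line) avoids false hits that span the
    date, time and extension columns; containment tolerates a leading
    trunk-access digit in front of the dialed number.
    """
    want = digits(dialed)
    if not want:
        raise ValueError("dialed number has no digits")
    return [ln for ln in lines if any(want in digits(f) for f in ln.split())]


def capture(host, out_path, port=SMDR_PORT, idle_timeout=10.0):
    """Append the raw stream to out_path until it goes idle or closes."""
    buf = b""
    with socket.create_connection((host, port), timeout=idle_timeout) as sock, \
            open(out_path, "ab") as out:
        while True:
            try:
                chunk = sock.recv(4096)
            except socket.timeout:
                break  # nothing new for idle_timeout seconds
            if not chunk:
                break  # controller closed the connection
            out.write(chunk)  # keep the untouched bytes as evidence
            buf += chunk
    return buf.decode("ascii", errors="replace").splitlines()


if __name__ == "__main__":
    for record in matching_records(SAMPLE, "222-020-2020"):
        print(record)
```

Against a live controller, pass the result of `capture(host, "smdr.log")` to `matching_records` instead of `SAMPLE`; the file keeps the raw records for later review.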
 