Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here


Need help - PBX was hacked.

Need help - PBX was hacked.

Need help - PBX was hacked.

Our telco has discontinued our LD service because of calls made to certain numbers.
I had played around with SIP extensions on a 3300 (MCD 5.0), but I did not use any security (passwords etc) I just toyed with them, and never used them much, but a few stations had Softphones connected (xlite). When I did a quick look at all programmed IP sets, I saw many of these sets connected with our internal IP range, but 4 were using the same external/foreign IP. That reminded me that I had just enabled VOIP options on our sonicwall firewall to this IP (mitel), was going to try using a polycom SIP set externally, instead of teleworkers. I left this firewall rule enabled and believe this is how the calls were placed.
MY QUESTION is; how can I check where a call to a specific number was placed. ie, 2220202020 was called by ext 3000 at 15:11:34 2012/12/20 or something. I can be sure that our 'hole' was plugged.

Thank you in advance.

RE: Need help - PBX was hacked.

smdr records, they are buffered but it depends on how long ago the calls were made....you connect by telnet on port 1752 using tcp/ip streaming (it also downloads the buffer. you can also record to a file using putty or something similar.

RE: Need help - PBX was hacked.

So if the calls were made yesterday, and I dont/didn't have anything attached and buffering the SMDR info, I have nothing historic to investigate?

Thanks for the awesomely quick response BTW!


RE: Need help - PBX was hacked.

depends on how many calls have been made but you will have calls in the buffer....just telnet into 1752 and see what you get, you won't do any harm.

RE: Need help - PBX was hacked.

I tried that, but didnt get any type of response in telnet or in putty. I checked the SMDR settings in System feature Settings -> SMDR Options, and the only thing set to yes in there is 'SMDR Meter Unit per Station'. Are there specific commands to use once the connection is established?


RE: Need help - PBX was hacked.

Check extensions class of service to see if they have it enabled or not...nope, I've only ever logged in with telnbet (using putty to 1752 and the 3300's ip address and it just streams any information either from the buffer or from calls being made....

RE: Need help - PBX was hacked.

if cos is configured to log smdr and you know the number dialed, from maintenance type logs read smdr all match and the number dialed, as stated before the log buffer is only so many records.

RE: Need help - PBX was hacked.

The SMDR buffer is 20,000 call records by default, so I wouldn't be concerned with losing records

SMDR does have to be enabled to track calls and I would assume it was not.

What's most important is that you realise ... There is no spoon.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close