[AusNOG] High number of inbound automated Chinese language calls on AAPT CTS
Chris Hurley
chris at minopher.net.au
Sat Oct 28 20:41:11 EST 2017
It¹s the old story locks are only for honest people. Spammers/Scammers
almost always find a way to get their stuff through but legitimate emails
get blocked.
Which is not to say one shouldn¹t lock things down as tightly as possible,
and adjust security regularly or as required. Had one customer the hackings
had been probing for 5 years, on /off /burst, Until they finally found a
small crack then the flood of spam and different site VOIP calls.
Check your logs regularly.
Cheers,
Chris Hurley
From: AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of Andrew Yager
<andrew at rwts.com.au>
Date: Saturday, 28 October 2017 at 2:54 pm
To: Mark Stewart <mark at nabc.com.au>, Matt Perkins <matt at spectrum.com.au>,
jay binks <jaybinks at gmail.com>, "ausnog at lists.ausnog.net"
<ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] High number of inbound automated Chinese language
calls on AAPT CTS
They are spoofing source CLI so masking/monitoring CLI is useless. We have
had downstream customers whose business has been significantly impacted by
having their CLI used recently as an advertised number in scams similar to
this at least twice this year.
Someone has loose ACLs on their inbound and doesn¹t check their customers
properly... :(
And yes, it definitely isn¹t limited to AAPT. Just had one today to my DID
on a Symbio inbound number.
Andrew
Get Outlook for iOS <https://aka.ms/o0ukef>
From: AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of Mark Stewart
<mark at nabc.com.au>
Sent: Friday, October 27, 2017 5:12:18 PM
To: Matt Perkins; jay binks; AusNOG at lists.ausnog.net
Subject: Re: [AusNOG] High number of inbound automated Chinese language
calls on AAPT CTS
Had a conversation with my Telstra guys this week in relation to phone
system hacking where phone systems were being breached and then
systematically being used to autodial numbers.
The breaches can be occurred via
Voicemail port hack is where their default pin number for their voicemail is
the same has their 100 dial in number.
SIP / VoIP credentials can be hacked / obtained and then assume that SIP
network.
Alternatively, their entire network has been hacked and the hacker is
sniffing for IP Phone system and then interface into it to make calls.
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Matt
Perkins
Sent: Friday, 27 October 2017 12:33 PM
To: jay binks <jaybinks at gmail.com>; AusNOG at lists.ausnog.net
Subject: Re: [AusNOG] High number of inbound automated Chinese language
calls on AAPT CTS
Hi Jay,
Unwelcome Communications procedure only work when you have the source
numbers. It's hard to give the CTS provider ~10,000 source numbers ;) They
are trying however to chase it up. No it's not coming from a sip gateway.
This equipment is not on the internet.
Matt.
On 27/10/17 3:22 pm, jay binks wrote:
>
> There are methods for dealing with unwelcome or nuisance calls.
>
> It's not always effective, but its worth a try.
>
>
>
> If your calls fit the definition of an "UNWELCOME COMMUNICATIONS" you may be
> able to utilise http://www.commsalliance.com.au/Documents/all/codes/c525.
>
>
>
> The OP may have a claim to this with 3000 calls within 4 hours.
>
> Contact your CSP. "C/CSPs must assist end users in receipt of unwelcome
> messages where it is reasonably possible to do so "
>
>
>
> They may only pass the complaint on to the originating carrier, but you might
> get lucky.
>
>
>
> The other thing I initially thought of when I saw this ( but it seems like its
> probably not the case after reading other peoples accounts ).
>
> Make sure your SIP equipment only accepts SIP from your SIP provider.
> Sometimes you find people scanning your network, doing this sort of thing.
>
>
>
> Good luck !
>
>
>
> Jay
>
>
>
> On 27 October 2017 at 14:12, Matt Perkins <matt at spectrum.com.au> wrote:
>>
>> The volumes we are getting are stunning if it's not targeted at AAPT. as it
>> appears it's not from some of the on/off list responses. We have had over
>> 3000 calls in the last 4 hours. This has been going on for almost 4 days.
>>
>>
>> Matt.
>>
>>
>>
>>
>> On 27/10/17 2:51 pm, Tom.Minchin at csiro.au wrote:
>>
>>> We are getting runs of these to a Sydney and a Melbourne site. We are
>>> Telstra inbound.
>>>
>>>
>>> On Fri, Oct 27, 2017 at 1:55 PM +1100, "Andrew Yager" <andrew at rwts.com.au>
>>> wrote:
>>>>
>>>> Hi Matt,
>>>>
>>>>
>>>>
>>>> We have seen multiple instances of this over the last couple of months to
>>>> different number blocks.
>>>>
>>>>
>>>>
>>>> It's usually a Mandarin message claiming to be from the ATO.
>>>>
>>>>
>>>>
>>>> Have logged a few complaints on a few of them; have not got anywhere useful
>>>> because each number is called "once" and doesn't meet the threshold for a
>>>> nuisance claim.
>>>>
>>>>
>>>>
>>>> If any of my upstreams want to care though I'm happy to provide more
>>>> details :) (nudge nudge)
>>>>
>>>>
>>>>
>>>> Andrew
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 27 October 2017 at 13:34, Matt Perkins <matt at spectrum.com.au> wrote:
>>>>> Here's some Friday fun.
>>>>>
>>>>> Are there any people with AAPT CTS that are receiving very high volumes
>>>>> (500 an hour) of a Chinese language automated message. Numbers dialed in
>>>>> appear to be random within a routed ranges they also appear to be using
>>>>> random calling id's some start with 028009XX. Im told that the message
>>>>> says it's from the Chinese consulate and ask you to push zero. I suspect
>>>>> they are trying to determine which numbers have Chinese language speakers
>>>>> answer for some later scam. But only appears to be on AAPT CTS. We have
>>>>> CTS with a few other carriers and seeing nothing on those inbound.
>>>>>
>>>>> Interested to see if others are receiving same.
>>>>>
>>>>> Matt.
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> /* Matt Perkins
>>>>> Direct 1300 137 379 <tel:1300%20137%20379> Spectrum
>>>>> Networks Ptd. Ltd.
>>>>> Office 1300 133 299 <tel:1300%20133%20299>
>>>>> matt at spectrum.com.au
>>>>> Level 6, 350 George Street Sydney 2000
>>>>> Spectrum Networks is a member of the Communications Alliance & TIO
>>>>> */
>>>>>
>>>>> _______________________________________________
>>>>> AusNOG mailing list
>>>>> AusNOG at lists.ausnog.net
>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Andrew Yager, CEO (BCompSc, JNCIS-SP, MACS (Snr) CP)
>>>>
>>>> Real World Technology Solutions - IT People you can trust
>>>>
>>>> Voice | Data | IT Procurement | Managed IT
>>>>
>>>> rwts.com.au <http://rwts.com.au> | 1300 798 718 <tel:1300%20798%20718>
>>>>
>>>>
>>>>
>>>> Real World is a DellEMC Gold Partner
>>>>
>>>>
>>>>
>>>> This document should be read only by those persons to whom it is addressed
>>>> and its content is not intended for use by any other persons. If you have
>>>> received this message in error, please notify us immediately. Please also
>>>> destroy and delete the message from your computer. Any unauthorised form of
>>>> reproduction of this message is strictly prohibited. We are not liable for
>>>> the proper and complete transmission of the information contained in this
>>>> communication, nor for any delay in its receipt. Please consider the
>>>> environment before printing this e-mail.
>>
>> --
>> /* Matt Perkins
>> Direct 1300 137 379 <tel:1300%20137%20379> Spectrum Networks
>> Ptd. Ltd.
>> Office 1300 133 299 <tel:1300%20133%20299>
>> matt at spectrum.com.au
>> Level 6, 350 George Street Sydney 2000
>> Spectrum Networks is a member of the Communications Alliance & TIO
>> */
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> --
>
> Sincerely
>
> Jay
--
/* Matt Perkins
Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
Office 1300 133 299 matt at spectrum.com.au
Level 6, 350 George Street Sydney 2000
Spectrum Networks is a member of the Communications Alliance & TIO
*/
_______________________________________________ AusNOG mailing list
AusNOG at lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20171028/b1d93693/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD000.jpg
Type: image/jpeg
Size: 823 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20171028/b1d93693/attachment.jpg>
More information about the AusNOG
mailing list