Asterisk

How to prevent "302 redirect" attack?

Hello.
My asterisk is being hacked. An incoming call comes to the number 950000000. Asterisk calls the device (linksys ata) with this number. While everything is ok. But the device, instead of answering the call, makes a redirect (sends “302 Moved Temporarily”) to some foreign number. After that, asterisk tries to call this number. Moreover, after a call to the CDR, it is not visible who made the redirect. Only the caller's number and the foreign number where the redirect was made are visible. Accordingly, I have no one to charge for the call.
Here is what is seen in the console after linksys sends a sip packet with a redirect
- Got SIP response 302 "Moved Temporarily" back from 171.151.111.61
- Now forwarding SIP/1.1.1.1-adb0c890 to 'Local/[email protected]' (thanks to SIP/950000000-aea36918)
- Executing [[email protected]:1] Hangup("Local/[email protected];2", "") in new stack
As far as I understand, if instead of Hangup I had a Dial command in my dialplan (calls to such numbers would be allowed), the attack would work.
Actually questions.
- How to save the original context during a redirect? .. In CDRs, you can see that an outgoing call attempt is made in the context of linksys-a, and not in the context of incoming calls.
- How to display the extension that the redirect made in CDRs?