[cisco-voip] has anyone seen this !

[James Buchanan]

I find it puzzling why anyone would put their production telephone
system on the Internet with no apparent security measures, not even an
access list. Cisco should restrict this I suppose, but some basic
network security practices should also have been followed in this case
during implementation.

 

From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Aman Chugh
Sent: Friday, June 06, 2008 10:50 PM
To: Kelemen Zoltan
Cc: cisco voip
Subject: Re: [cisco-voip] has anyone seen this !

 

Yes , exactly I was told the same thing  and customer is facing a huge
bill.

 

On 6/6/08, Kelemen Zoltan <keli at carocomp.ro> wrote:

 

	I had bitten this bullet in January (
https://puck.nether.net/pipermail/cisco-voip/2008-January/029569.html )
and I'm still perplexed how can Cisco leave this as-is with SIP and
H.323 wide open for public as default settings, while being well aware
of the situation and it's possible consequences.
	
	I've been discussing this issue with some other colleagues as
well in the branch and I know  this has happened to plenty of other
people, in some case causing very serious monetary damage.
	
	regards,
	 Zoltan
	
	Aman Chugh wrote:

	It was SIP ,  disabled sip on the wan port using an ACL to stop
calls going out.
	 Aman
	
	 On 6/6/08, *James Edmondson* <biged7600 at gmail.com
<mailto:biged7600 at gmail.com>> wrote:
	
	   Do you happen to have custom scripts on the CME box? I had
this
	   problem as whoever developed the script left the hole open to
dial
	   anynumber from the AA. 
	   On Thu, Jun 5, 2008 at 2:31 PM, Jorge L. Rodriguez Aguila
	   <jorge.rodriguez at netxar.com
<mailto:jorge.rodriguez at netxar.com>>
	   wrote:
	
	       I would recommend that you do Two things immediately.
Install
	       COR to limit calls and second implement Access List to
Kill
	       H.323 coming from the internet.
	
	        
	       Jorge
	
	        
	       *From:* cisco-voip-bounces at puck.nether.net
	       <mailto:cisco-voip-bounces at puck.nether.net>
	       [mailto:cisco-voip-bounces at puck.nether.net
	       <mailto:cisco-voip-bounces at puck.nether.net>] *On Behalf
Of
	       *Aman Chugh
	       *Sent:* Thursday, June 05, 2008 2:13 PM
	       *To:* cisco voip
	       *Subject:* [cisco-voip] has anyone seen this !
	
	        
	        
	        
	       I have a site with CME and CUE , the internet link is
also
	       terminated on my CME router, apparently some one has
hacked
	       into the router and is using the router calling numbers
in
	       cuba and somalia.  This has caused a huge bill from the
phone
	       company.We have TAC case openned for this, When we shut
the
	       internet link this stops .
	
	        
	       Aman
	
	
	       _______________________________________________
	       cisco-voip mailing list
	       cisco-voip at puck.nether.net
<mailto:cisco-voip at puck.nether.net>
	       https://puck.nether.net/mailman/listinfo/cisco-voip
	
	
	
	
	   --    James
	   _______________________________________________
	   cisco-voip mailing list
	   cisco-voip at puck.nether.net
<mailto:cisco-voip at puck.nether.net>
	   https://puck.nether.net/mailman/listinfo/cisco-voip
	
	
	
------------------------------------------------------------------------
	
	_______________________________________________
	cisco-voip mailing list
	cisco-voip at puck.nether.net
	https://puck.nether.net/mailman/listinfo/cisco-voip
	 

	 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20080607/349780c8/attachment-0001.html>