[cisco-voip] vulnerable gateway?
IT
it at cimgroup.com
Tue Sep 12 17:59:10 EDT 2006
I just got a call from my long distance provider that someone has been
using my PRI for many international calls. I checked my CDR database
tables, and it appears that calls have been coming from one of my branch
office 2801s. But, in the CDR table, the origDeviceName alternates
between the name of the gateway and CiscoUM-VI1.
I ran a port scan against the router, and found that H.323 and callbook
ports were open to the public. I shut down the interface that had those
ports open, because when I tried to do an "access-list 100 deny udp any
any eq 1720" it still showed as open on the port scan.
How can I secure/lock H.323 on these branch devices?
How did someone utilize my gateway to make these calls?
How can I avoid this in the future?
I guess I should have made sure that the consulting group that set up
these gateways in the first place locked them down, but hindsight is
20/20.
Thanks,
Avidan