[cisco-voip] vulnerable gateway?

puckcisco at cumhur.com puckcisco at cumhur.com
Tue Sep 12 18:59:15 EDT 2006


Also read this article, check passwords and other details.

http://neworder.box.sk/newsread.php?newsid=13082
 
Try to trace your CDR; maybe you will find the entry point.

-----Original Message-----
From: IT [mailto:it at cimgroup.com] 
Sent: Wednesday, September 13, 2006 1:42 AM
To: Voll, Scott; IT; puckcisco at cumhur.com; cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] vulnerable gateway?

But where in Unity is someone able to route their call to any arbitrary
phone number?

-----Original Message-----
From: Voll, Scott [mailto:Scott.Voll at wesd.org]
Sent: Tuesday, September 12, 2006 3:37 PM
To: IT; puckcisco at cumhur.com; cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] vulnerable gateway?

I would agree with TAC per your CDR of CiscoUM-VI1.

Scott

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of IT
Sent: Tuesday, September 12, 2006 3:29 PM
To: puckcisco at cumhur.com; IT; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] vulnerable gateway?

Actually, I tried both UDP and TCP.
Would it still show up under a portscan? TAC seems to think they came in
through voicemail...

-----Original Message-----
From: cumbur [mailto:zeus at cumhur.com] On Behalf Of puckcisco at cumhur.com
Sent: Tuesday, September 12, 2006 3:19 PM
To: IT; cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] vulnerable gateway?

Dear Avidan,

H323 uses TCP port 1720 (not UDP) for call initiation; also, don't forget to
block SIP ports TCP/UDP 5060.

Regards.
Cumhur

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of IT
Sent: Wednesday, September 13, 2006 12:59 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] vulnerable gateway?

I just got a call from my long distance provider that someone has been using
my PRI for many international calls. I checked my CDR database tables, and it
appears that calls have been coming from one of my branch office 2801's.
But, in the CDR table, the origDeviceName alternates between the name of the
gateway and CiscoUM-VI1.
I ran a port scan against the router, and found that H.323 and callbook
ports were open to the public. I shut down the interface that had those ports
open, because when I tried to do an "access-list 100 deny udp any any eq
1720" it still shows as open on the portscan.

How can I secure/lock H.323 on these branch devices?
How did someone utilize my gateway to make these calls?
How can I avoid this in the future?

I guess I should have made sure that the consulting group that set up these
gateways in the first place locked them down, but hindsight is 20/20.

Thanks,
Avidan

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
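
One way to follow the "trace your CDR" suggestion in this thread, as an added example that is not part of the original messages: group connected international calls by origDeviceName and list the origins that are not IP phones. The rows, the device names other than CiscoUM-VI1, the other CDR column names, the "011"/"9011" dial prefixes and the "SEP" phone-name prefix are assumptions made for the illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample rows, not data from the thread. Column names are assumed
# CDR export fields; only origDeviceName and CiscoUM-VI1 appear in the thread.
SAMPLE_CDR = """\
dateTimeOrigination,callingPartyNumber,finalCalledPartyNumber,origDeviceName,destDeviceName,duration
1158040800,5551000,5552000,SEP001122334455,SEP00AABBCCDDEE,62
1158044400,,901144000000001,BR1-2801-GW,HQ-PRI-GW,1810
1158048000,5559000,901144000000002,CiscoUM-VI1,HQ-PRI-GW,2405
1158051600,,901144000000003,BR1-2801-GW,HQ-PRI-GW,3120
1158055200,5551000,95550100,SEP001122334455,HQ-PRI-GW,45
1158058800,5559000,901144000000004,CiscoUM-VI1,HQ-PRI-GW,0
"""

def international_by_origin(cdr_csv, intl_prefixes=("011", "9011")):
    """Group connected international calls by origDeviceName."""
    summary = defaultdict(lambda: {"calls": 0, "seconds": 0, "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(cdr_csv)):
        dialed = row["finalCalledPartyNumber"]
        seconds = int(row["duration"])
        # Skip non-international destinations and calls that never connected.
        if not dialed.startswith(tuple(intl_prefixes)) or seconds == 0:
            continue
        ts = int(row["dateTimeOrigination"])
        entry = summary[row["origDeviceName"]]
        entry["calls"] += 1
        entry["seconds"] += seconds
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(summary)

def suspect_origins(summary, phone_prefix="SEP"):
    """Origins that are not IP phones (assumed prefix): gateways or voicemail ports."""
    return sorted(name for name in summary if not name.startswith(phone_prefix))

if __name__ == "__main__":
    report = international_by_origin(SAMPLE_CDR)
    for name in suspect_origins(report):
        e = report[name]
        start = datetime.fromtimestamp(e["first"], tz=timezone.utc).isoformat()
        print(f"{name}: {e['calls']} calls, {e['seconds']} s, first seen {start}")
```

The earliest timestamp per origin gives a starting point for matching against gateway and voicemail logs from the same window.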


