[cisco-voip] vulnerable gateway?

Nick Kassel Nick.Kassel at Charles-Stanley.co.uk
Thu Sep 14 04:29:52 EDT 2006


What partitions does the Voicemail CSS need to access? We appear to have
spurious partitions added to this CSS and I'm not sure they need to be
there.

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Erick Bergquist
Sent: Wednesday, September 13, 2006 4:03 AM
To: IT; Voll, Scott; puckcisco at cumhur.com; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] vulnerable gateway?

You can limit this with the restriction tables in Unity and ultimately
with the CSS set on the Call Manager VM Port configuration.

----- Original Message ----
From: IT <it at cimgroup.com>
To: "Voll, Scott" <Scott.Voll at wesd.org>; IT <it at cimgroup.com>;
puckcisco at cumhur.com; cisco-voip at puck.nether.net
Sent: Tuesday, September 12, 2006 5:42:04 PM
Subject: Re: [cisco-voip] vulnerable gateway?

But where in Unity is someone able to route their call to any arbitrary
phone number?

-----Original Message-----
From: Voll, Scott [mailto:Scott.Voll at wesd.org] 
Sent: Tuesday, September 12, 2006 3:37 PM
To: IT; puckcisco at cumhur.com; cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] vulnerable gateway?

I would agree with TAC per your CDR of CiscoUM-VI1.

Scott

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of IT
Sent: Tuesday, September 12, 2006 3:29 PM
To: puckcisco at cumhur.com; IT; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] vulnerable gateway?

Actually, I tried both UDP and TCP.
Would it still show up under a portscan? TAC seems to think they came in
through voicemail...

-----Original Message-----
From: cumbur [mailto:zeus at cumhur.com] On Behalf Of puckcisco at cumhur.com
Sent: Tuesday, September 12, 2006 3:19 PM
To: IT; cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] vulnerable gateway?

Dear Avidan,

H.323 uses TCP port 1720 (not UDP) for call initiation. Also, don't forget
to block SIP ports TCP/UDP 5060.

Regards.
Cumhur

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of IT
Sent: Wednesday, September 13, 2006 12:59 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] vulnerable gateway?

I just got a call from my long distance provider that someone has been
using my PRI for many international calls. I checked my CDR database
tables, and it appears that calls have been coming from one of my branch
office 2801's. But, in the CDR table, the origDeviceName alternates
between the name of the gateway and CiscoUM-VI1.
I ran a port scan against the router, and found that H.323 and callbook
ports were open to the public. I shut down the interface that had those
ports open, because when I tried to do an "access-list 100 deny udp any
any eq 1720" it still showed as open on the portscan.

How can I secure/lock H.323 on these branch devices?
How did someone utilize my gateway to make these calls?
How can I avoid this in the future?

I guess I should have made sure that the consulting group that set up
these gateways in the first place locked them down, but hindsight is
20/20.

Thanks,
Avidan

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
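
The CDR check described in the original message, as an added example that is not part of the thread: it groups international calls by origDeviceName and lists the origins that are a gateway or a voicemail port rather than a phone. The sample rows, the gateway name BRANCH-2801 and the 9011 international prefix are constructed assumptions; only origDeviceName and CiscoUM-VI1 come from the thread.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows (not real CDR data). Column names follow the
# CallManager CDR table; BRANCH-2801 and all numbers are placeholders.
SAMPLE_CDR = """\
dateTimeOrigination,origDeviceName,destDeviceName,callingPartyNumber,finalCalledPartyNumber,duration
1158044400,BRANCH-2801,BRANCH-2801,,9011442075550100,1840
1158048000,CiscoUM-VI1,BRANCH-2801,2999,9011442075550101,2210
1158051600,BRANCH-2801,BRANCH-2801,,9011923005550102,950
1158055200,CiscoUM-VI1,SEP001122334455,2999,2001,30
1158058800,SEP00AABBCCDDEE,BRANCH-2801,2002,9011442075550103,120
"""

GATEWAYS = {"BRANCH-2801"}      # assumed gateway device names
VM_PORT_PREFIX = "CiscoUM-VI"   # Unity voicemail ports, as named in the thread
INTL_PREFIXES = ("9011",)       # assumed dial plan: 9 + 011 for international


def classify_origin(device):
    """Label the originating device as gateway, voicemail-port or phone."""
    if device in GATEWAYS:
        return "gateway"
    if device.startswith(VM_PORT_PREFIX):
        return "voicemail-port"
    return "phone"


def international_by_origin(cdr_text):
    """Group international calls by origDeviceName with count and seconds."""
    summary = defaultdict(lambda: {"origin": "", "calls": 0, "seconds": 0})
    for row in csv.DictReader(io.StringIO(cdr_text)):
        if not row["finalCalledPartyNumber"].startswith(INTL_PREFIXES):
            continue  # local or internal call, not of interest here
        entry = summary[row["origDeviceName"]]
        entry["origin"] = classify_origin(row["origDeviceName"])
        entry["calls"] += 1
        entry["seconds"] += int(row["duration"])
    return dict(summary)


def suspicious_devices(cdr_text):
    """Origins of international calls that are not phones, for review."""
    return sorted(name for name, e in international_by_origin(cdr_text).items()
                  if e["origin"] != "phone")


if __name__ == "__main__":
    print(international_by_origin(SAMPLE_CDR), suspicious_devices(SAMPLE_CDR))
```
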


