[cisco-voip] vulnerable gateway?

Lelio Fulgenzi lelio at uoguelph.ca
Thu Sep 14 08:40:03 EDT 2006


I believe all you really need are all the partitions the phones are in and if you are sending any calls to IPCC, you need the partitions the CTI route points and CTI ports are in. In addition, if you are using CTI route points as phantom numbers for forwarding, etc. And any partition that contains translations. 

The best would be to review each of your partitions and decide if Unity has to call it. I don't think there are any hard and fast rules of what it needs, etc. Previous versions of CallManager (3.x and below I believe) that used call forwarding would need access to the partition the voicemail ports are in as well. That was definitely a hard and fast rule.

--------------------------------------------------------------------------------
Lelio Fulgenzi, B.A.
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
"I can eat fifty eggs." "Nobody can eat fifty eggs."
  ----- Original Message ----- 
  From: Nick Kassel 
  To: Erick Bergquist ; IT ; Voll, Scott ; puckcisco at cumhur.com ; cisco-voip at puck.nether.net 
  Sent: Thursday, September 14, 2006 4:29 AM
  Subject: Re: [cisco-voip] vulnerable gateway?


  What partitions does the Voicemail CSS need to access, we appear to have
  spurious partitions added to this CSS and I'm not sure they need to be
  there?

  -----Original Message-----
  From: cisco-voip-bounces at puck.nether.net
  [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Erick Bergquist
  Sent: Wednesday, September 13, 2006 4:03 AM
  To: IT; Voll, Scott; puckcisco at cumhur.com; cisco-voip at puck.nether.net
  Subject: Re: [cisco-voip] vulnerable gateway?

  You can limit this with the restriction tables in Unity and ultimately
  with the CSS set on the Call Manager VM Port configuration.

  ----- Original Message ----
  From: IT <it at cimgroup.com>
  To: "Voll, Scott" <Scott.Voll at wesd.org>; IT <it at cimgroup.com>;
  puckcisco at cumhur.com; cisco-voip at puck.nether.net
  Sent: Tuesday, September 12, 2006 5:42:04 PM
  Subject: Re: [cisco-voip] vulnerable gateway?

  But where in Unity is someone able to route their call to any arbitrary
  phone number?

  -----Original Message-----
  From: Voll, Scott [mailto:Scott.Voll at wesd.org] 
  Sent: Tuesday, September 12, 2006 3:37 PM
  To: IT; puckcisco at cumhur.com; cisco-voip at puck.nether.net
  Subject: RE: [cisco-voip] vulnerable gateway?

  I would agree with TAC per your CDR of CiscoUM-VI1.

  Scott

  -----Original Message-----
  From: cisco-voip-bounces at puck.nether.net
  [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of IT
  Sent: Tuesday, September 12, 2006 3:29 PM
  To: puckcisco at cumhur.com; IT; cisco-voip at puck.nether.net
  Subject: Re: [cisco-voip] vulnerable gateway?

  Actually, I tried both UDP and TCP.
  Would it still show up under a portscan? TAC seems to think they came in
  through voicemail...

  -----Original Message-----
  From: cumbur [mailto:zeus at cumhur.com] On Behalf Of puckcisco at cumhur.com
  Sent: Tuesday, September 12, 2006 3:19 PM
  To: IT; cisco-voip at puck.nether.net
  Subject: RE: [cisco-voip] vulnerable gateway?

  Dear Avidan,

  H323 uses TCP port 1720 (not UDP) for call initiation. Also, don't forget
  to block SIP ports TCP/UDP 5060.

  Regards.
  Cumhur

  -----Original Message-----
  From: cisco-voip-bounces at puck.nether.net
  [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of IT
  Sent: Wednesday, September 13, 2006 12:59 AM
  To: cisco-voip at puck.nether.net
  Subject: [cisco-voip] vulnerable gateway?

  I just got a call from my long distance provider that someone has been
  using my PRI for many international calls. I checked my CDR database
  tables, and it appears that calls have been coming from one of my branch
  office 2801's. But, in the CDR table, the origDeviceName alternates
  between the name of the gateway and CiscoUM-VI1.
  I ran a port scan against the router, and found that h.323 and callbook
  ports were open to the public. I shut down the interface that had those
  ports open, because when I tried to do an "access-list 100 deny udp any
  any eq 1720" it still shows as open on the portscan.

  How can I secure/lock H.323 on these branch devices?
  How did someone utilize my gateway to make these calls?
  How can I avoid this in the future?

  I guess I should have made sure that the consulting group that set up
  these gateways in the first place locked them down, but hindsight is
  20/20.

  Thanks,
  Avidan

  _______________________________________________
  cisco-voip mailing list
  cisco-voip at puck.nether.net
  https://puck.nether.net/mailman/listinfo/cisco-voip



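A triage sketch for the CDR pattern described in the original post, added here as an example and not code from any participant in the thread: it groups international calls by the path they entered on, keyed on origDeviceName. The rows are constructed; the gateway name BRANCH-2801, the SEP device names, the dialed numbers and the 9011 prefix are assumptions, while the column names are CallManager CDR fields.

```python
import csv
import io
from collections import defaultdict

# Constructed sample CDR export (not data from the thread). Device names other
# than CiscoUM-VI1, and all numbers, are made up for illustration.
SAMPLE_CDR = """\
dateTimeOrigination,callingPartyNumber,finalCalledPartyNumber,origDeviceName,destDeviceName,duration
1158080400,5551001,5551002,SEP001122334455,SEP66778899AABB,65
1158084000,,9011442079460000,BRANCH-2801,BRANCH-2801,1810
1158084600,5559000,9011442079460001,CiscoUM-VI1,BRANCH-2801,2400
1158085200,,9011442079460003,BRANCH-2801,BRANCH-2801,3605
1158087000,5551003,9011442079460004,SEP001122334456,BRANCH-2801,120
1158088200,5559000,9011442079460002,CiscoUM-VI1,BRANCH-2801,900
"""

# Assumption: access code 9 plus the NANP international prefix 011.
# Adjust to the local dial plan.
INTL_PREFIXES = ("9011", "011")


def classify_origin(device, gateways):
    """Map origDeviceName to the path the call entered on."""
    if device.startswith("CiscoUM-"):
        return "voicemail-port"   # a Unity voicemail port placed the call
    if device in gateways:
        return "gateway-inbound"  # the gateway handed the call to CallManager
    return "endpoint"


def summarize_international(cdr_text, gateways):
    """Return {path: {"calls", "seconds", "devices"}} for international calls."""
    summary = defaultdict(lambda: {"calls": 0, "seconds": 0, "devices": set()})
    for row in csv.DictReader(io.StringIO(cdr_text)):
        if not row["finalCalledPartyNumber"].startswith(INTL_PREFIXES):
            continue
        entry = summary[classify_origin(row["origDeviceName"], gateways)]
        entry["calls"] += 1
        entry["seconds"] += int(row["duration"])
        entry["devices"].add(row["origDeviceName"])
    return dict(summary)


def suspicious_paths(summary):
    """Paths to review: international calls not placed from an endpoint."""
    return sorted(p for p in summary if p != "endpoint")


if __name__ == "__main__":
    report = summarize_international(SAMPLE_CDR, gateways={"BRANCH-2801"})
    print({p: report[p]["calls"] for p in suspicious_paths(report)})
```

Calls in the voicemail-port group point at the Unity restriction tables and the voicemail port CSS; calls in the gateway-inbound group point at who can reach the gateway's H.323 port.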