<html>
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:blue;
        text-decoration:underline;}
span.EmailStyle17
        {font-family:Arial;
        color:navy;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body bgcolor=white lang=EN-GB link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Thanks Lelio</span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I thought that was the case but didn’t
want to remove them too soon just in case.</span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span lang=EN-US
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span lang=EN-US style='font-size:10.0pt;font-family:Tahoma'>
Lelio Fulgenzi [mailto:lelio@uoguelph.ca] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Thursday, September 14, 2006
1:40 PM<br>
<b><span style='font-weight:bold'>To:</span></b> Nick Kassel; Erick Bergquist;
IT; Voll, Scott; puckcisco@cumhur.com; cisco-voip@puck.nether.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [cisco-voip]
vulnerable gateway?</span></font></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span></font></p>
<div>
<p class=MsoNormal><font size=2 face="Times New Roman"><span style='font-size:
10.0pt'>I believe all you really need are all the partitions the phones are in
and if you are sending any calls to IPCC, you need the partitions the CTI route
points and CTI ports are in. In addition, if you are using CTI route points as
phantom numbers for forwarding, etc. And any partition that contains
translations. </span></font></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face="Times New Roman"><span style='font-size:
10.0pt'>The best would be to review each of your partitions and decide if Unity
has to call it. I don't think there are any hard and fast rules of what it
needs, etc. Previous versions of CallManager (3.x and below I believe) that
used call forwarding would need access to the partition the voicemail ports are
in as well. That was definitely a hard and fast rule.</span></font></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span></font></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>--------------------------------------------------------------------------------<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1<br>
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)<br>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ <br>
"I can eat fifty eggs." "Nobody can eat fifty eggs."</span></font></p>
</div>
<blockquote style='border:none;border-left:solid black 1.5pt;padding:0in 0in 0in 4.0pt;
margin-left:3.75pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>----- Original Message ----- </span></font></p>
</div>
<div style='font-color:black'>
<p class=MsoNormal style='background:#E4E4E4'><b><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial;font-weight:bold'>From:</span></font></b><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> <a
href="mailto:Nick.Kassel@charles-stanley.co.uk"
title="Nick.Kassel@charles-stanley.co.uk">Nick Kassel</a> </span></font></p>
</div>
<div>
<p class=MsoNormal><b><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial;font-weight:bold'>To:</span></font></b><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'> <a
href="mailto:erickbe@yahoo.com" title="erickbe@yahoo.com">Erick Bergquist</a> ;
<a href="mailto:it@cimgroup.com" title="it@cimgroup.com">IT</a> ; <a
href="mailto:Scott.Voll@wesd.org" title="Scott.Voll@wesd.org">Voll, Scott</a> ;
<a href="mailto:puckcisco@cumhur.com" title="puckcisco@cumhur.com">puckcisco@cumhur.com</a>
; <a href="mailto:cisco-voip@puck.nether.net" title="cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>
</span></font></p>
</div>
<div>
<p class=MsoNormal><b><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial;font-weight:bold'>Sent:</span></font></b><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'> Thursday,
September 14, 2006 4:29 AM</span></font></p>
</div>
<div>
<p class=MsoNormal><b><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial;font-weight:bold'>Subject:</span></font></b><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'> Re: [cisco-voip]
vulnerable gateway?</span></font></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span></font></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>What partitions does the Voicemail CSS need to access? We appear to
have<br>
spurious partitions added to this CSS and I'm not sure they need to be<br>
there.<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a><br>
[mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of Erick Bergquist<br>
Sent: Wednesday, September 13, 2006 4:03 AM<br>
To: IT; Voll, Scott; <a href="mailto:puckcisco@cumhur.com">puckcisco@cumhur.com</a>;
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
Subject: Re: [cisco-voip] vulnerable gateway?<br>
<br>
You can limit this with the restriction tables in Unity and ultimately<br>
with the CSS set on the Call Manager VM Port configuration. <br>
<br>
----- Original Message ----<br>
From: IT &lt;<a href="mailto:it@cimgroup.com">it@cimgroup.com</a>&gt;<br>
To: "Voll, Scott" &lt;<a href="mailto:Scott.Voll@wesd.org">Scott.Voll@wesd.org</a>&gt;;
IT &lt;<a href="mailto:it@cimgroup.com">it@cimgroup.com</a>&gt;;<br>
<a href="mailto:puckcisco@cumhur.com">puckcisco@cumhur.com</a>; <a
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
Sent: Tuesday, September 12, 2006 5:42:04 PM<br>
Subject: Re: [cisco-voip] vulnerable gateway?<br>
<br>
But where in Unity is someone able to route their call to any arbitrary<br>
phone number?<br>
<br>
-----Original Message-----<br>
From: Voll, Scott [mailto:Scott.Voll@wesd.org] <br>
Sent: Tuesday, September 12, 2006 3:37 PM<br>
To: IT; <a href="mailto:puckcisco@cumhur.com">puckcisco@cumhur.com</a>; <a
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
Subject: RE: [cisco-voip] vulnerable gateway?<br>
<br>
I would agree with TAC per your CDR of CiscoUM-VI1.<br>
<br>
Scott<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a><br>
[mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of IT<br>
Sent: Tuesday, September 12, 2006 3:29 PM<br>
To: <a href="mailto:puckcisco@cumhur.com">puckcisco@cumhur.com</a>; IT; <a
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
Subject: Re: [cisco-voip] vulnerable gateway?<br>
<br>
Actually, I tried both UDP and TCP.<br>
Would it still show up under a portscan? TAC seems to think they came in<br>
through voicemail...<br>
<br>
-----Original Message-----<br>
From: cumbur [mailto:zeus@cumhur.com] On Behalf Of <a
href="mailto:puckcisco@cumhur.com">puckcisco@cumhur.com</a><br>
Sent: Tuesday, September 12, 2006 3:19 PM<br>
To: IT; <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
Subject: RE: [cisco-voip] vulnerable gateway?<br>
<br>
Dear Avidan,<br>
<br>
H323 uses TCP port 1720 (not UDP) for call initiation. Also, don't forget<br>
to block SIP ports TCP/UDP 5060.<br>
<br>
Regards.<br>
Cumhur<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a><br>
[mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of IT<br>
Sent: Wednesday, September 13, 2006 12:59 AM<br>
To: <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
Subject: [cisco-voip] vulnerable gateway?<br>
<br>
I just got a call from my long distance provider that someone has been<br>
using my PRI for many international calls. I checked my CDR database<br>
tables, and it appears that calls have been coming from one of my branch<br>
office 2801's. But, in the CDR table, the origDeviceName alternates<br>
between the name of the gateway and CiscoUM-VI1.<br>
I ran a port scan against the router, and found that h.323 and callbook<br>
ports were open to the public. I shut down the interface that had those<br>
ports open, because when I tried to do an "access-list 100 deny udp any<br>
any eq 1720" it still shows as open on the portscan.<br>
<br>
How can I secure/lock H.323 on these branch devices?<br>
How did someone utilize my gateway to make these calls?<br>
How can I avoid this in the future?<br>
<br>
I guess I should have made sure that the consulting group that set up<br>
these gateways in the first place locked them down, but hindsight is<br>
20/20.<br>
<br>
Thanks,<br>
Avidan<br>
<br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
***********************************************************************************************<br>
<br>
The information contained in this e-mail is strictly confidential, some or all<br>
of which may be legally privileged. It is for the intended recipient only.<br>
Access to this e-mail by any other person is prohibited. If you are not the<br>
intended recipient, any use, disclosure, copying, printing, distribution of,<br>
replying to or any action taken or omitted to be taken in reliance on this<br>
e-mail, is prohibited and may be unlawful. Please contact the sender
immediately<br>
should this e-mail have been incorrectly addressed or transmitted.<br>
<br>
You accept that any instructions are deemed to have been given at the time the<br>
recipient(s) accesses them and that delivery receipt does not constitute<br>
acknowledgement or receipt by the intended recipient(s). You accept that there<br>
may be a delay in processing the instructions received from e-mails after<br>
Charles Stanley has received them. You are advised that urgent, time sensitive<br>
and confidential communications should not be sent by e-mail. <br>
<br>
You acknowledge that e-mails are not secure and you accept the risk of<br>
malfunction, viruses, unauthorised interference, mis-delivery or delay.<br>
************************************************************************************************<br>
<br>
<br>
Charles Stanley & Co. Ltd<br>
Registered Office: 25 Luke Street London EC2A 4AR<br>
<br>
Tel: 0207 739 8200 Fax: 0207 739 7798<br>
Registered in England No. 1903304<br>
<br>
Charles Stanley Sutherlands and Charles Stanley Securities are divisions of
Charles Stanley & Co. Ltd<br>
<br>
Authorised and Regulated by the Financial Services Authority, Member of the<br>
London Stock Exchange, International Securities Markets Association, and The
London International Financial Futures &<br>
Options Exchange.<br>
<br>
This footnote also confirms that this email message has been swept by McAfee<br>
VirusScan and SurfControl Email Filter software.<br>
<br>
<br>
</span></font></p>
</blockquote>
</div>
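<p class=MsoNormal>Added example, not part of the original thread or of any poster's message: a sketch of the CDR review described in the first message. It flags international calls that left through the PSTN gateway and were originated by the gateway itself or by a Unity voicemail port. The sample rows, the gateway name BR-2801-GW, the dial prefixes and the CSV export layout are constructed assumptions; origDeviceName, destDeviceName, finalCalledPartyNumber and duration are CallManager CDR columns.</p>

```python
import csv
import io
from collections import defaultdict

# Constructed sample CDR export (not data from the thread); times are epoch seconds.
SAMPLE_CDR = """\
dateTimeOrigination,origDeviceName,callingPartyNumber,finalCalledPartyNumber,destDeviceName,duration
1158100000,SEP001122334455,4001,9011442075550100,BR-2801-GW,65
1158103600,BR-2801-GW,2125550199,9011442075550123,BR-2801-GW,1840
1158107200,CiscoUM-VI1,4999,9011925550177,BR-2801-GW,2210
1158110800,CiscoUM-VI1,4999,4002,SEP00AABBCCDDEE,12
1158114400,BR-2801-GW,2125550199,901133155550142,BR-2801-GW,900
"""

# Assumptions: "9" is the outside-line access code, "011" the international prefix,
# BR-2801-GW is the branch gateway, and Unity ports are named CiscoUM-*.
INTL_PREFIXES = ("9011", "011")
GATEWAYS = {"BR-2801-GW"}
VM_PORT_PREFIX = "CiscoUM-"


def classify(row):
    """Return 'gateway-hairpin', 'voicemail-transfer' or None for one CDR row."""
    if not row["finalCalledPartyNumber"].startswith(INTL_PREFIXES):
        return None
    if row["destDeviceName"] not in GATEWAYS:
        return None  # call did not leave through the PSTN gateway
    if row["origDeviceName"] in GATEWAYS:
        return "gateway-hairpin"      # arrived on the gateway, left on the gateway
    if row["origDeviceName"].startswith(VM_PORT_PREFIX):
        return "voicemail-transfer"   # placed by a Unity voicemail port
    return None  # ordinary phone-originated call


def suspicious_calls(cdr_text):
    """Pair each suspicious row with its classification."""
    rows = csv.DictReader(io.StringIO(cdr_text))
    return [(kind, r) for r in rows if (kind := classify(r))]


def summarise(calls):
    """Call count and total seconds per (classification, origin device)."""
    totals = defaultdict(lambda: [0, 0])
    for kind, r in calls:
        totals[(kind, r["origDeviceName"])][0] += 1
        totals[(kind, r["origDeviceName"])][1] += int(r["duration"])
    return {k: tuple(v) for k, v in totals.items()}


if __name__ == "__main__":
    for (kind, dev), (n, secs) in summarise(suspicious_calls(SAMPLE_CDR)).items():
        print(f"{kind:20} {dev:12} calls={n} seconds={secs}")
```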
</body>
</html>