<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.gmailquote
        {mso-style-name:gmail_quote;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I find it puzzling why anyone would put their production
telephone system on the Internet with no apparent security measures, not even
an access list. Cisco should restrict this I suppose, but some basic network
security practices should also have been followed in this case during
implementation.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net] <b>On
Behalf Of </b>Aman Chugh<br>
<b>Sent:</b> Friday, June 06, 2008 10:50 PM<br>
<b>To:</b> Kelemen Zoltan<br>
<b>Cc:</b> cisco voip<br>
<b>Subject:</b> Re: [cisco-voip] has anyone seen this !<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<p class=MsoNormal>Yes, exactly. I was told the same thing, and the customer
is facing a huge bill.<br>
<br>
<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span class=gmailquote>On 6/6/08, <b>Kelemen Zoltan</b> &lt;<a
href="mailto:keli@carocomp.ro">keli@carocomp.ro</a>&gt; wrote:</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<p class=MsoNormal>I had bitten this bullet in January ( <a
href="https://puck.nether.net/pipermail/cisco-voip/2008-January/029569.html"
target="_blank">https://puck.nether.net/pipermail/cisco-voip/2008-January/029569.html</a>
) and I'm still perplexed how Cisco can leave this as-is with SIP and H.323
wide open to the public as default settings, while being well aware of the
situation and its possible consequences.<br>
<br>
I've been discussing this issue with some other colleagues in the
branch as well, and I know this has happened to plenty of other people, in some
cases causing very serious monetary damage.<br>
<br>
regards,<br>
Zoltan<br>
<br>
Aman Chugh wrote:<o:p></o:p></p>
<p class=MsoNormal>It was SIP. Disabled SIP on the WAN port using an ACL
to stop calls going out.<br>
Aman<br>
<br>
On 6/6/08, *James Edmondson* &lt;<a href="mailto:biged7600@gmail.com"
target="_blank">biged7600@gmail.com</a>&gt; wrote:<br>
<br>
Do you happen to have custom scripts on the CME box? I had this<br>
problem as whoever developed the script left the hole open to dial<br>
any number from the AA. <br>
On Thu, Jun 5, 2008 at 2:31 PM, Jorge L. Rodriguez Aguila
&lt;<a href="mailto:jorge.rodriguez@netxar.com" target="_blank">jorge.rodriguez@netxar.com</a>&gt;
wrote:<br>
<br>
I would recommend that you do two things immediately: install
COR to limit calls and, second, implement an access list to kill
H.323 coming from the Internet.<br>
<br>
<br>
Jorge<br>
<br>
<br>
*From:* <a
href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>
*On Behalf Of* Aman Chugh<br>
*Sent:* Thursday, June 05, 2008 2:13 PM<br>
*To:* cisco voip<br>
*Subject:* [cisco-voip] has anyone seen this !<br>
<br>
I have a site with CME and CUE; the Internet link is also
terminated on my CME router. Apparently someone has hacked
into the router and is using the router to call numbers in
Cuba and Somalia. This has caused a huge bill from the phone
company. We have a TAC case opened for this. When we shut the
Internet link, this stops.<br>
<br>
<br>
Aman<br>
<br>
<br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net"
target="_blank">cisco-voip@puck.nether.net</a> <mailto:<a
href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>
<a
href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br>
<br>
<br>
<br>
-- James<br>
<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</blockquote>
<p class=MsoNormal><o:p> </o:p></p>
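<p class=MsoNormal>Added example, not part of the original thread and not code from Cisco or any poster: a small audit that reads an IOS running-config excerpt and reports which of the signalling protocols named above (SIP, H.323) an arbitrary Internet host can still reach inbound on the WAN interface. The interface name, the ACL name WAN-IN, the trusted provider address 203.0.113.10 and the config excerpts are constructed assumptions, and only a simple subset of extended-ACL syntax is understood.</p>
<pre>
```python
import re

# Signalling ports named in the thread: SIP (UDP/TCP 5060), H.323 call setup (TCP 1720).
SIGNALLING = {("udp", 5060): "SIP/UDP", ("tcp", 5060): "SIP/TCP", ("tcp", 1720): "H.323"}

def parse_config(text):
    """Return ({interface: inbound ACL name}, {ACL name: [tokenised entries]})."""
    bindings, acls, iface, acl = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw[:1] != " ":                      # unindented line starts a new block
            iface = acl = None
            if m := re.match(r"interface (\S+)", line):
                iface = m.group(1)
            elif m := re.match(r"ip access-list extended (\S+)", line):
                acl = m.group(1)
                acls[acl] = []
        elif iface and (m := re.match(r"ip access-group (\S+) in$", line)):
            bindings[iface] = m.group(1)
        elif acl and line.startswith(("permit", "deny")):
            acls[acl].append(line.split())
    return bindings, acls

def exposed_signalling(text, wan_iface):
    """Signalling services any Internet host can reach inbound on wan_iface."""
    bindings, acls = parse_config(text)
    name = bindings.get(wan_iface)
    if name not in acls:                        # no inbound ACL bound, or ACL undefined
        return sorted(SIGNALLING.values())
    exposed = []
    for (proto, port), service in SIGNALLING.items():
        for t in acls[name]:                    # first match wins; no match = implicit deny
            if t[1:3] not in ([proto, "any"], ["ip", "any"]):
                continue                        # other protocol, or a specific source
            ports = [t[i + 1] for i in range(len(t) - 1) if t[i] == "eq"]
            if ports and ports[-1] != str(port):
                continue                        # simplification: last "eq" = destination port
            if t[0] == "permit":
                exposed.append(service)
            break
    return sorted(exposed)

# Constructed running-config excerpts: interface, ACL name and addresses are made up.
WAN = "interface FastEthernet0/0\n ip address 198.51.100.2 255.255.255.252\n"
ACL = WAN + " ip access-group WAN-IN in\n!\nip access-list extended WAN-IN\n"
H323_ONLY = ACL + " deny tcp any any eq 1720\n permit ip any any\n"
HARDENED = ACL + (" permit udp host 203.0.113.10 any eq 5060\n deny udp any any eq 5060\n"
                  " deny tcp any any eq 5060\n deny tcp any any eq 1720\n permit ip any any\n")
```
</pre>
<p class=MsoNormal>With the constructed H323_ONLY excerpt, an ACL that blocks only H.323 still leaves both SIP transports reachable on FastEthernet0/0, so the audit has to check each signalling protocol separately.</p>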
</div>
</body>
</html>