<div dir="ltr"><div>The main problem, as Ryan pointed out, is more than likely weak voicemail passwords. Hackers are able to dial your main number and get an automated greeting, when they press (asterisk) they get the "welcome to voicemail" prompt. From there, it's pretty easy to start inputting extensions (especially if any are published on your website) and guessing passwords. Once they have that, they can input call forwarding details when someone receives a message, and just start calling that extension all the time. I have definitely seen THAT scenario before.<br><br></div>Dave<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 12, 2016 at 10:39 PM, Lelio Fulgenzi <span dir="ltr"><<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="auto">
<div>Oh, we definitely have dial-peers. Both inbound and outbound. </div>
<div><br>
</div>
<div>I'm concerned because of the earlier comment about not all DIDs being accounted for. </div>
<div><br>
</div>
<div>I'm pretty sure I have an "inward dial" config on each PRI. But not sure I have a num-exp for each. </div>
<div><br>
</div>
<div>I'll double check my configs and share. <br>
<br>
Sent from my iPhone</div><div><div class="h5">
<div><br>
On Sep 12, 2016, at 10:11 PM, Nick Britt <<a href="mailto:nickolasjbritt@gmail.com" target="_blank">nickolasjbritt@gmail.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>Do a
<div><br>
</div>
<div><span></span>Sh run all | sec dial-p
<div><br>
</div>
<div>If you don't have any DP's in the config I would imagine you are OK.<br>
<br>
On Monday, 12 September 2016, Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="auto">
<div><br>
</div>
<div>Here's a question: </div>
<div><br>
</div>
<div>We're using PRIs w/ MGCP so I'm assuming we're not affected. However, we have SRST configured, which I believe uses H323. </div>
<div><br>
</div>
<div>Could this affect us as well?</div>
<div><br>
</div>
<div>Lelio<br>
<br>
Sent from my iPhone</div>
<div><br>
On Sep 11, 2016, at 8:46 PM, Lelio Fulgenzi <<a>lelio@uoguelph.ca</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<div>+1 here. By default with (the older?) IOS if someone dialled a number associated with the line plugged into your router, you'd get dial tone and from there you could dial an number the dial plan allowed. </div>
<div><br>
</div>
<div><br>
<br>
Sent from my iPhone</div>
<div><br>
On Sep 11, 2016, at 11:49 AM, Nick Britt <<a>nickolasjbritt@gmail.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>Hi David,
<div><br>
</div>
<div>Can I ask Which version of IOS you are using?</div>
<div><br>
</div>
<div>Also could you post your incoming dial peer configuration or are you just using the default DP 0?</div>
<div><br>
</div>
<div>Ive experienced a similar issue before (luckily I didn't configure this particular deployment)</div>
<div><br>
</div>
<div>Before IOS 15 (I believe) direct in ward dial was not applied to the default dial peer. This allows people to call in on an unnnallocated number with in the DID range and receive a dial tone. (Check it out quite scary)</div>
<div><br>
</div>
<div>The resolution was to apply the command direct in wars dial to all incoming dial peers.</div>
<div><br>
</div>
<div>I will try and dig out the link from Cisco.<span></span></div>
<div><br>
</div>
<div><br>
<br>
On Sunday, 11 September 2016, David Zhars <<a>dzhars@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">So yesterday I was alerted by our landline company that some of our phone numbers that come in POTS on an H323 router, we being used for phone fraud. I am wondering how this happens with an H323 router (I am familiar with someone hacking Unity
and setting up actions to route to Jamaica once someone leaves a voicemail or similar).
<div><br>
</div>
<div>The odd part is that these numbers are almost NEVER used for calling out, unless the user presses a 7 for an outbound line (versus an 8 which puts the call out on ISDN).</div>
<div><br>
</div>
<div>I found a link on how to disable OffNet calling in UCM, but should I instead look at securing the H323 router? Or does the call blocking rule need to be done in UCM?</div>
<div><br>
</div>
<div>Thanks for any enlightenment you can provide.</div>
<div><br>
</div>
<div>PS- Client is in USA, call fraud to Jamaica which does not require a country code, so harder to block.</div>
</div>
</blockquote>
</div>
<br>
<br>
-- <br>
- Nick<br>
<br>
</div>
</blockquote>
<blockquote type="cite">
<div><span>______________________________<wbr>_________________</span><br>
<span>cisco-voip mailing list</span><br>
<span><a>cisco-voip@puck.nether.net</a></span><br>
<span><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailma<wbr>n/listinfo/cisco-voip</a></span><br>
</div>
</blockquote>
</div>
</blockquote>
<blockquote type="cite">
<div><span>______________________________<wbr>_________________</span><br>
<span>cisco-voip mailing list</span><br>
<span><a>cisco-voip@puck.nether.net</a></span><br>
<span><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailma<wbr>n/listinfo/cisco-voip</a></span><br>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
<br>
<br>
-- <br>
- Nick<br>
<br>
</div>
</blockquote>
</div></div></div>
<br>______________________________<wbr>_________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank">https://puck.nether.net/<wbr>mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br></div>