BCM Compromised

[SharpAdam]

I'm not sure if we got hacked, have a virus, or what.

A previous thread had a similar problem. Has anyone seen this? thread1361-1188936

We have a 400 running 3.6. While troubleshooting for one-way speech path we were sniffing packets and noticed the BCM contacting an IP in Italy. They closed off access to this IP range in their PIX and the BCM ended up flooding the PIX with 1000 requests per minute for this IP. It then started port scanning the PIX. Weird, huh?

So I'm going to replace the hard drive (have one ordered). Has anyone else seen this? I'd hate to replace the HDD and reconfigure the BCM (as an SRG) if someone has a fix.

Thanks!!
Adam

 

[gberger]

You`ll probably have to change the drive or re-image it. Do a backup first, replace the drive,re-initialize it(don`t forget to change the date back in 2006 before you do so) and restore only voice applications. After back to normal, a good thing would be to upgrade to 4.0.

 

[vappl]

I agree with the upgrade to 4.0 .Then load the newest patches. Easier to deal with problems on the new OS , if the problem is still there.