We have a customer who had a little bit of fraud last night on their SIP trunks, but the SIP was not their route into the system it would seem, as this system is all digital users with no H323 or SIP registrar active on the system and looking at the audit trail/system programming there was no intrusion into the config.
The only thing I did see was congestion showing on the voicemail around the time it was happening (2am) and they did have a DDI pointing to voicemail for remote access to check messages. I decided to delete the incoming route for this number and delete the catch all so that if the calls were coming into the voicemail SSA would show me under config alarms.
Lo and behold, I have just checked and there have been 39 attempts to call into the number that I removed from the programming.
So my question: what exploit is there in the embedded voicemail on a 500v2 on 10.0.0.3.0 Build 5?
| ACSS SME |