Hacked Remote Access to Loudspeaker Paging

[Kali66]

Guys,

I have a Avaya CM that is getting hacked from the outside from some caller and hitting my page port. The caller is a debt collector but I am not sure how he is access the page port. The TAC for in house page is 709, we even change the page code and still got the same thing happening. How does a caller from the outside hit this and page?

 

[4merAvaya]

Try changing the COR on the Remote Access to block it from accessing the COR assigned to paging. Change the Barrier Code on the Remote Access.

Kevin

 

[AvayaTier3]

It's more likely that someone's using transfer out of voicemail.
lock down your voicemail ports.

An ex employee that could have remote-access and barrier code from remotely recording announcements or using
company resources for making LD calls.

do a list trace TAC 709

A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"

bsh

40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]

 

[Kali66]

Thanks for the help guys. I will get the COR checked out for Remote Access checked out today. I also found out what the barrier code is. I am going to try and reproduce this issue. Then change it just to start eliminating things. I tried to do a list trace on my TEC 709 and wouldn't do it. How would I go about locking down my voicemail ports? I thought they were defined by the COR?

 

[AvayaTier3]

COR for voicemail stations should not allow connection to COR of paging.

What integration are you using for paging?
trunk port
station port
change paging loudspeaker



A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"

bsh

40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]