Hacking Attempts. 3

[dsm600rr]

Hello all. On our in-house IPO we have a SIP Trunk that requires a Public Facing IP Address under Network Topology.

Now we have this SIP Trunk deployed on many customers and I see no outside attack attempts.

We also have SIP Remote Phones and the IX Workplace App using TLS and a FQDN. Having this we are getting alot of Login attempts.

I am just curious how these attacks are being attempted. Did they find our FQDN pointing to the PBX? What are they using for attempted Extension Logins? They seem like brute force attacks as we get quite a bit of hits.

We have 5060 locked down to the SIP Trunk Provider.

I have tried messing around with Excessive SIP Traffic Blacklisting with no luck. Nothing I change seems to change the fact that the IP Address are only temporarily blocked the 600 seconds.

Just trying to secure our stuff more however its looking like an ASBC is the best route, however requiring IPOSS kind of kills it being affordable for most customers.

ACSS

 

[dsm600rr]

Thanks for the input everyone. I will be ordering a SBC for our In-House PBX to learn on.

Does my parts list look good?

- ASBCE CORE PORTWELL CAD FOR IPO PRODUCT (388053)
- IPO REM TECH SUPT 8X5 APR NBD - ASBCE PORTWELL CAT8 1YPP IPO 1YR PP (349164)
- ASBCE R8.x SYSTEM SOFTWARE USB SOFTWARE ONLY (700514240)
- (2) ASBCE R8 ADVANCED SERVICES SESSION IPO 1-500 LIC:CU LICENSE ONLY (397237)
- (18) ASBCE R8 STANDARD SERVICES SESSION IPO 1-500 LIC:CU LICENSE ONLY (397232)

I will be using the SBC for our NexVortex SIP Trunk and Remote Phones (J179's / IX Workplace) via our FQDN and TLS which is currently working fine aside from the hacking attempts.

What are some good documents to get started? This is the only one I could really find:

- IP Office SIP Phones with ASBCE_en-us.pdf




ACSS

 

[derfloh]

The IPO security guidelines have some information as well.

You will also need the free of charge encryption license for the SBC.

IP Office remote service
IP Office certificate check
CLI based call blocking
SCN fallback over PSTN

 

[G van Hamburg]

Hi Jamie,

All I can find right now is this:

Install the Avaya SBCE license file on a WebLM Release 8.0 or later server installed on System Manager , a local WebLM , or a standalone WebLM server. It does not mention IP Office yet but IP Office has WebLM 8 now.

Hope this helps.

Freelance Certified Avaya Aura Engineer

 

[chriscon]

From waht's new

WebLM Enhancement
Previously the WebLM service run on IP Office primary servers has only been officially supported for the licensing of IP Office servers. It is now supported for the licensing of other Avaya servers and services being used by the same IP Office server, for example ACCS. This does not currently include ASBCE

 

[janni78]

Don't see why it wouldn't be able to license ASBCE, it's still just a WebLM.
You will need to import IPO certificate to ASBCE since it likely won't be able to pull a license otherwise.
I've ran SBC licenses on WebLM 7 as well before they got upgraded with the rest of the customers solution.

When using Portwells runs local WebLM so not an issue in this case.

"Trying is the first step to failure..." - Homer

 

[sizbut]

Because its something they tested in order to support and found problems with the latest ABSCE.

Stuck in a never ending cycle of file copying.

 

[janni78]

I seriously doubt that, there is no difference on how ASBCE would ask WebLM for licenses compared to other products.

Also one version of WebLM is the same regardless of if it's standalone or embedded in some other component.

"Trying is the first step to failure..." - Homer

 

[dsm600rr]

I an noticing the document "IP Office SIP Phones with ASBCE_en-us.pdf" seems to be tailored to Server Edition. Does Avaya have a document for a standard IPO with ASBCE?

ACSS

 

[derfloh]

No difference in configuration.

The easiest is to try to use IPO WebLM. If it works... Fine. If not... Rehost the licenses to a stand alone WebLM.

IP Office remote service
IP Office certificate check
CLI based call blocking
SCN fallback over PSTN

 

[dsm600rr]

derfloh: never used WebLM before.

Going through some documents, It looks like it hosts the licenses for the ASBCE and that is basically it?

"For IP Office Release 11.1 FP1 and higher, an IP Office server running WebLM can act as the server for ASBCE licenses."

Is there a good document on WebLM? Does it run off the IPO? I also have a Linux Application Server as well as a Backup Linux Application Server that it could possibly run off of.

Does WebLM change all licensing for the IPO or can it be used just for the ASBCE and PLDS for the current Licenses?

ACSS

 

[jamie77]

Goos spot, That is in the docs now!! (

https://ipofficekb.avaya.com/busine..._frame2.html?Licenses_and_Subscriptions.html)

Not sure why this isn't emention in the release notes along side WEB LM support for ACCS, IPOCC etc.

WebLM runs on a the Server Edition and is installed by default. To be honest, I have never used it on the SE, just the standalone version for ASBCE or the built in one on IPOCC.

I would think you can put your normal licenses as you have always done and just your SBC licenses on the Web LM, but never tried so will need to play.

Jamie Green

[bold]A[/bold]vaya [bold]R[/bold]egistered [bold]S[/bold]pecialist [bold]E[/bold]ngineer

 

[dsm600rr]

jamie77: So according to your link the ASBCE does not require any additional licenses, however, For IP Office Release 11.1 FP1 and higher, an IP Office server running WebLM can act as the server for ASBCE license?

ACSS