IPO hacking? 2

[ipotech808]

After opening my system up to the outside (One-X, Remote Phone, Flare), I noticed that my system status has been showing alarms that a PC Partner has tried to login but failed. I also noticed that the IP address that was captured says its from Afghanistan. Then I noticed that some of my phones have been dialing out on its own but luckily I barred international calls. Has this happened to anyone else?

I am on 9.0.2.860 release.

This is really strange.. All passwords were changed so that no one can remotely log in with default passwords. Even the login codes are 4 digits also not easy to crack. I hope someone can shed some light so that I can firewall or get an answer on how to avoid this.. Thanks in advance.

 

[amriddle01]

It's happened to many others, phone Manager and TAPI checks the user password not the login code.

After opening my system up to the outside

After doing this you need to add security measures too

 

[ipotech808]

Yeah... I have no clue on how to secure it after Avaya told me to open ports.. I mainly have 5060, 5061, RTP ports and 5269, 8444, 8069 open for the One-X, Flare and remote phones to be able to come in through the router.

 

[sizbut]

I needed a good laugh and the concept that anyone thinks 4 digit passcode take any time to hack is a hoot.

Stuck in a never ending cycle of file copying.

 

[tlpeter]

You should not use the default ports for the outside.
You should use at least a 12 character password.
You should try to find out the mobile providers up range and set that for the IP route and not using 0.0.0.0 when possible.

BAZINGA!

I'm not insane, my mother had me tested!

 

[ipotech808]

Oh I see what you mean. I gotta find the IP range for the cell providers and lock it down. Thanks Peter again.

 

[tlpeter]

For now I would remove the IP route right now.
You are under attack and they won't stop.
I have seen it myself on our test system and it did not stop until port 5060 was blocked.

BAZINGA!

I'm not insane, my mother had me tested!