222igotnoclue
Technical User
I need some help locking down my Vodavi 3501-01 - would this be the appropriate place to locate a consultant to assist?
Thanks!
Thanks!
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Programming help needed for Vodavi 3501-01 KSU 1
- Thread starter 222igotnoclue
- Start date
- Status
- Thread starter
- #3
222igotnoclue
Technical User
Sorry about that omitted details - am located in Bloomington, IN. Here's the rest of the story ...
We've had our Vodavi 3501-01 running without hiccups since installation in 2008. We use it with a single voicemail account (like an answer maching), because I hate voicemail. We have 1 remote employee who comes into the Vodavi KSU as an extension using FSX & FSO blackboxes over her internet connection. Last night (after I knew she wasn't working) I noticed 3 outgoing lines lit up as well as her extension. I knew something was wrong, so I unplugged the FXO box and all of the phonelines from our NIC and then reconnected them at which point the line lights went out.
When we got in this morning, I had a message from AT&T's International Fraud unit saying that a call had been made from one of our lines to the UK and this was typical of fraud activity. The AT&T guy explained that 99% of the time, the fraudsters penetrate the phone system by manipulating a remote dial tone access feature or call forwarding and they often establish new mailboxes on the system under attack (that go undetected). Apparently the purpose of all of this is to make my phone system call a "premium" overseas # where I'll be charged a ginormous per minute rate which will inure to the benefit of the fraudster. Thus began my day of trying to figure out how to fix this mess and a Google search on Vodavi 3501 lead me to this forum of heavy-hitters.
So what I want to do is disable (lock down) any feature that would permit remote dial-tone access or call forwarding. Reset any password that is a factory default. And disable any ability to remotely program the KSU. Lock it down so that if you're not sitting at a phone onsite or at the KSU, you're not going to be able to program the KSU.
Separately, I'm investigating whether the FXS/FXO is running within or outside of the VPN remote connection in the event that this might provide a point of malicious system entry.
Hopefully my situation will make a little more sense to forum members now.
Thanks in advance for any advice or direction that you can share with me!
We've had our Vodavi 3501-01 running without hiccups since installation in 2008. We use it with a single voicemail account (like an answer maching), because I hate voicemail. We have 1 remote employee who comes into the Vodavi KSU as an extension using FSX & FSO blackboxes over her internet connection. Last night (after I knew she wasn't working) I noticed 3 outgoing lines lit up as well as her extension. I knew something was wrong, so I unplugged the FXO box and all of the phonelines from our NIC and then reconnected them at which point the line lights went out.
When we got in this morning, I had a message from AT&T's International Fraud unit saying that a call had been made from one of our lines to the UK and this was typical of fraud activity. The AT&T guy explained that 99% of the time, the fraudsters penetrate the phone system by manipulating a remote dial tone access feature or call forwarding and they often establish new mailboxes on the system under attack (that go undetected). Apparently the purpose of all of this is to make my phone system call a "premium" overseas # where I'll be charged a ginormous per minute rate which will inure to the benefit of the fraudster. Thus began my day of trying to figure out how to fix this mess and a Google search on Vodavi 3501 lead me to this forum of heavy-hitters.
So what I want to do is disable (lock down) any feature that would permit remote dial-tone access or call forwarding. Reset any password that is a factory default. And disable any ability to remotely program the KSU. Lock it down so that if you're not sitting at a phone onsite or at the KSU, you're not going to be able to program the KSU.
Separately, I'm investigating whether the FXS/FXO is running within or outside of the VPN remote connection in the event that this might provide a point of malicious system entry.
Hopefully my situation will make a little more sense to forum members now.
Thanks in advance for any advice or direction that you can share with me!
-
1
- #4
Good description! And my first knee-jerk reaction (before I read the line about investigating "inside VPN..) was that the FXO/FXS arrangement likely had the trouble.
Vodavi doesn't have Direct Inward System Access (DISA) enabled by default - however if the installer left the voicemail password at default, someone could have manipulated the auto attend.
If you don't need international calling, have carrier turn it off.
Program a toll restriction to prevent 011 calls without a forced and verified account code. A LONG and RANDOM account code.
Remember that the greater Caribbean is a part of the North American Numbering Plan, hence not "international" by many standards. Many more area codes than in years past.
From one of your phones, dial 499 and see if a modem answers. If so, you can maybe get remote assistance. Make sure that callers can't get to 499 via auto attend.
Vodavi doesn't have Direct Inward System Access (DISA) enabled by default - however if the installer left the voicemail password at default, someone could have manipulated the auto attend.
If you don't need international calling, have carrier turn it off.
Program a toll restriction to prevent 011 calls without a forced and verified account code. A LONG and RANDOM account code.
Remember that the greater Caribbean is a part of the North American Numbering Plan, hence not "international" by many standards. Many more area codes than in years past.
From one of your phones, dial 499 and see if a modem answers. If so, you can maybe get remote assistance. Make sure that callers can't get to 499 via auto attend.
- Thread starter
- #5
222igotnoclue
Technical User
This is excellent advice. Thank you so much!!!
I too suspect the FXS/FSO as the malicious point of entry. I'm usually the last one to leave (have been turning off the KSU when I leave until we plug this hole). Right before I left, the FXS/FSO extension lit up and grabbed an outside line.
Currently we're using a Linksys PAP2T phone box (on the remote end) and a similar unit in our server cage. Any thoughts on something a little (LOT) more bulletproof?
Thanks!
I too suspect the FXS/FSO as the malicious point of entry. I'm usually the last one to leave (have been turning off the KSU when I leave until we plug this hole). Right before I left, the FXS/FSO extension lit up and grabbed an outside line.
Currently we're using a Linksys PAP2T phone box (on the remote end) and a similar unit in our server cage. Any thoughts on something a little (LOT) more bulletproof?
Thanks!
- Status
Similar threads
- Locked
- Question