Re: Toll Fraud

[bigfrenchy1986]

Hi Guys

I have unfortunately had a customer that were victims of toll fraud. I wanted to see if anyone else has been hit with this or can give any advice to try and locate the way in which the dirty scoundrels managed to do it.

It is an IP office using SIP, the WAN is connected to a managed router which supplies the SIP. They have the LAN port connected onto their LAN for the IP Phones.

I have checked the SIP traces and they have managed to generate a call from a local extension which has hot desk enabled but doesn't have Remote Worker enabled. The customer has also said that no one was in the office over night so it wasn't an unscrupulous cleaner to blame.

There are no Auto Creates enabled on either LAN or WAN port.

Has anyone else ever had this or can think of how it is possible?

 

[qtelcom]

Sooooooooooooo, are all the service accounts changed from default? Voicemail Pro/system monitor/system password/etc.. changed password from default? The Hot Desk user, not using a dumb password? (like their own extn number)
Is the IPO accessible through the LAN or WAN from the outside network?

 

[rdoubrava]

the WAN is connected to a managed router which supplies the SIP

Is the managed router setup with NAT or a firewall?

 

[hairlessupportmonkey]

Look in the Audit Trail.


ACSS - SME
General Geek

 

[Westi]

are you in IP Office mode?

Joe W.

FHandw, ACSS (SME)


"This is the end of the world, make sure to buy your T-shirt before it is too late"
Original expression of my daughter

 

[intrigrant]

Another onfortnate case of poor security on the network side.
I bet they managed to get connected using the Phonemanager or TAPI interface which sre not disabled/protected towards the Inet.
Then you find no evidence in the Audit Trial logs.

 

[amriddle01]

I'll bet they have forwarded loads of ports to get SIP working, but not locked it down by IP