Strange log entries and unexplained reboot

[nixnewbie]

Right in the middle of the day last week, our IPO 8.1 server rebooted. I can't find much information. However, around the time of the reboot, there were several Failed access attempts by users I don't manage. I have attached a screen shot from System Status. Our system was configured and installed by a VAR about 2 months ago. They claim they didn't do anything in it and we don't know of any reason Avaya would have accessed the system. Can anyone give me some insight? I feel like I am digging in the dark.

Thanks,
Stephen

 

[AACon]

Any chance this system is exposed to the WAN on the 2nd lan port for sip trunks?

-Austin
ACE: Implement IP Office

 

[nixnewbie]

Yes, there is a LAN2 connected to a service provider for SIP Trunks.

 

[AACon]

Ouch. I can't believe so many of these threads are coming up these days.
You need to get on that right away. Best idea is to have a firewall between the two.
Change ALL service passwords. use the software firewall to DROP all traffic on the LAN 2. Make the default route point INTERNAL, and ONLY allow traffic from your sip provider on LAN2 (use static routing to do this).

Perfect world, SBC between your IPO and the provider to control traffic...

-Austin
ACE: Implement IP Office

 

[nixnewbie]

Okay, so explain a little more.
FWIW, LAN2 is masked to 255.255.255.252 on a T1 endpoint provided by the carrier, cross-connected with them in a datacenter.

Stephen

 

[IPGuru]

nixnewbie if the IPO has a public IP address you need to reconfigure so it is on a private IP behind a firewall

you should NEVER connect an IPO direct to an unsecured internet connection.

A Maintenance contract is essential, not a Luxury.
Do things on the cheap & it will cost you dear

 

[nixnewbie]

IPGuru,
Duly noted. I think I will harass the VAR that installed it that way. They installed the firewall at that location at the same time and engineered the network. I think they were just following the integration docs provided by the carrier.

Stephen