Hi All
Have a real doozy that has me at a loss.
Background first
The system in question is a CXi running on MCD 4.0 SP1 with one basic rate connection and a couple of IP handsets (5312), and auto attendant not implemented. The only voice mailboxes configured on the device are:
- mailbox 0
- admin mailbox 999
- And two user mailboxes for above handsets
- 4 VM ports are active
Zero is used for dialling an external line and 9 for an operator.
Misc programming such as DISA, account codes, sys speed dials not implemented.
Access to the web interface is behind a corporate firewall, blocked from external sources.
The customer is using the box for staging and design purposes, not a production box.
The customer has numerous CXi chassis in the field and uses the above system to test out functions and features before deploying to the field, and has standardised configuration where possible across the board (COS, COR, number scheme etc) and naturally loaded it in the above system.
Situation:
I received a call to assist with investigating international calls being made from the embedded voicemail system during the early hours of the morning. Verified by reviewing the SMDR logs (logs read smdr .....) and telco billing. Note: SMDR is also set up to capture internal and incoming calls, so we can see a trail into voicemail and out.
Naturally the 1st place I reviewed was ARS and COR applied to the embedded voicemail ports to ensure that voicemail could not make an international call. All confirmed that it's configured to block, and I even went to the extent of applying the same COR of voicemail ports to a handset and dialled the number shown in the SMDR log, and received the usual "Access denied" message....
The next area I reviewed was voice mail.
- Voicemail options, supervised transfer is enabled and restricted from dialling all numbers
- None of the user voice mailboxes have a dial 0 for operator configured or cell phone / fax transfer configured
- 6 digit passcodes enabled on all mailboxes, none at default.
Next I looked at mailbox 0, and the only concern was that the dial 0 for operator was configured as 0. My 1st thought was that if a hacker got to the default AH AA message and waited, he/she would be transferred to zero, which dials an external line, then began dialling (somehow) the international number. But I can't seem to make this work either.
I ran out of time Friday to investigate further; my next steps are:
- To configure a mailbox with a cell phone transfer and put in the international number in question and actually see if the CXi is blocking voicemail ports calling out.
- Play with the maximum digits dialed form, currently set to unlimited for all CORs, and restrict capacity there.
Can anyone suggest other areas to investigate or review or has come across something similar? Have I missed something obvious......
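The "trail into voicemail and out" mentioned in the post can be pulled from call records automatically. The following is an added example, not part of the original post: it pairs each international call placed by a voicemail port with the inbound call that reached that port shortly before. The CSV layout is a constructed simplification (not the MCD SMDR record format), and the port names, international prefix and sample rows are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows in a simplified CSV layout (NOT the real SMDR format).
# Columns: start time, duration (s), calling party, called party, digits dialled
SAMPLE = """\
2013-05-11 02:14:05,40,T001,VM01,
2013-05-11 02:14:31,612,VM01,T001,0001155501000
2013-05-11 09:30:00,95,1001,T001,0055501234
2013-05-11 10:02:10,30,T001,VM02,
2013-05-11 10:02:50,20,VM02,1001,1001
"""

VM_PORTS = {"VM01", "VM02", "VM03", "VM04"}  # assumed names for the 4 VM ports
TRUNK_ACCESS = "0"    # from the post: zero seizes an external line
INTL_PREFIX = "0011"  # assumption: international prefix, adjust for your region

def parse(text):
    rows = []
    for ts, dur, src, dst, digits in csv.reader(io.StringIO(text)):
        rows.append({"start": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                     "duration": int(dur), "src": src, "dst": dst,
                     "digits": digits})
    return rows

def is_international(digits):
    return digits.startswith(TRUNK_ACCESS + INTL_PREFIX)

def suspicious_vm_calls(rows, window=timedelta(minutes=5)):
    """Pair each international call from a VM port with the most recent
    inbound call answered by that same port inside `window`."""
    findings = []
    for out in rows:
        if out["src"] not in VM_PORTS or not is_international(out["digits"]):
            continue
        inbound = [r for r in rows if r["dst"] == out["src"]
                   and timedelta(0) <= out["start"] - r["start"] <= window]
        entry = max(inbound, key=lambda r: r["start"], default=None)
        findings.append({"port": out["src"], "dialled": out["digits"],
                         "at": out["start"], "duration": out["duration"],
                         "entered_via": entry["src"] if entry else None,
                         "entered_at": entry["start"] if entry else None})
    return findings

if __name__ == "__main__":
    for finding in suspicious_vm_calls(parse(SAMPLE)):
        print(finding)
```

A finding with no `entered_via` means the outbound call had no matching inbound leg in the window, which points away from a caller navigating voicemail and towards something internal to the system.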