07-23-2015 12:03 PM - edited 03-21-2019 10:27 AM
I was hesitant to bump an old thread, so here it is for reference:
https://supportforums.cisco.com/discussion/11735651/help-spa8000s-getting-hacked
How did that issue resolve, if at all? No firmware update has been released since that time, and I don't have access to CSCui25004 to read more about any possible update there.
One fundamental point about the hack was also unclear to me: is it only going to be a problem when the SPA8000 is connected directly to the Internet, or is it also possible when it's behind a router? If it's the latter, it's truly puzzling to me.
07-23-2015 02:12 PM
Once the former Linksys division was dropped, no one with in-depth knowledge about this class of product responds here like Patrick Born did. So I will be surprised if an insider responds to you here.
Based on my experience (our installations are focused on customer security), neither SPA IP Phones nor ATA Gateways are suitable to be exposed to the public Internet. It's not only because of the issue you mentioned - there have been other issues in the past, including an undocumented management interface - turned on with no name/password required by default.
There are also no countermeasures against DoS or brute-force password guessing implemented in the devices.
In short, those devices are "in-door units" and need to be placed in a secured network only. No untrusted source should be allowed to send even one packet to them. Even one packet may harm. Such a packet may arrive not only from outside, but from an infected local PC as well. Even a short call to an exotic destination may be expensive.
You should have a dedicated *private* VLAN covering voice infrastructure devices only. No other devices should be allowed on such a VLAN.
Appropriate countermeasures should be taken on the local PBX, if any, as well as on the border router.
Just my $0.02
07-23-2015 11:07 PM
Thanks, Dan, that's some good advice (and I think there's some in the original thread, too, though perhaps not much of it was effective). Also, I wasn't even aware that Linksys had been passed off to Belkin.
If you or someone does have access to that CDETS report, it would still be interesting to know what happened back then.