One of our customers was hacked on his voice interface 1 year ago. The environment is a CM6.1 and a 3K router with an E1 interface as gateway.
The hacker used a leak with unassigned called numbers. The customer had some destination numbers (he did not give us a complete list of all called DID numbers). So when the hacking company called those numbers, it could send #0000 just behind the called number and get an outgoing call free of charge. As this company used them for long-distance calls, the customer was charged more than 30K$ in 4 days (it was on an E1 on all channels during a weekend + some days).
To avoid this, we configured a default translation where all non-translated numbers have as destination (the central office phone). So even if there is a wrong incoming number, it will arrive on a phone and not receive an outgoing line.
No log entries in CM; the calls never reached the CM, they made the turn directly in the router. It was the provider who called to indicate a very large volume and cost on this line.
Now, in August, the same customer has had outgoing calls during 1 week that he never could have made. The calls are in the middle of the night when nobody is on site. The amount in 5 days is only 600$, but there must be a leak to do this. Nothing says that one day an explosion of those calls will not happen. The provider has verified the outgoing logs on his systems and the calls are really coming from this E1 interface (not just a billing error but real calls). He does not have any incoming stats and the CM has no log entries about those calls (like before, it is probably a turn in the router). The router was rebooted a few days before we received the problem from the customer, as we added a new interface in the router. Anyway, as the trouble was 2 weeks earlier, the entries would not have stayed in the log... Destinations were the Middle East and the US, and this customer never calls these destinations (that's why he noticed it).
Any idea or experience with such a problem?
Any idea about how they can do this?
Any idea how to prevent any turn in the router?
Is there an incoming POTS dial peer for the PRI (with 'incoming called-number .') that has 'direct-inward-dial'?
Without this command, an inbound call to a non-allocated number would provide dial tone to the caller and allow them to place a secondary call. With direct-inward-dial, this will not occur. You must make sure that EVERY inbound call matches a POTS dial peer with this command.
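Added example, not part of the original thread: a small audit of a saved gateway configuration for the condition described in the reply above. It lists every POTS dial peer that is bound to a voice port but lacks `direct-inward-dial`, and reports whether a catch-all `incoming called-number .` peer with `direct-inward-dial` exists. The sample configuration, the function names and the rule "any port-bound POTS peer may be matched inbound" are assumptions made for the example.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
dial-peer voice 10 pots
 incoming called-number .
 direct-inward-dial
 port 0/0/0:15
!
dial-peer voice 20 pots
 destination-pattern 0T
 port 0/0/0:15
!
dial-peer voice 30 voip
 destination-pattern 2...
 session target ipv4:192.0.2.10
!
"""

def parse_pots_dial_peers(config):
    """Return {tag: [sub-commands]} for each 'dial-peer voice N pots' block."""
    peers, current = {}, None
    for line in config.splitlines():
        header = re.match(r"^dial-peer voice (\d+) (\w+)", line)
        if header:
            # Only POTS peers face the PRI; VoIP peers are skipped.
            current = header.group(1) if header.group(2) == "pots" else None
            if current:
                peers[current] = []
        elif line.startswith(" ") and current:
            peers[current].append(line.strip())
        else:
            current = None  # '!' or any top-level line closes the block
    return peers

def audit(config):
    """Return (tags of port-bound POTS peers without DID, catch-all present?)."""
    peers = parse_pots_dial_peers(config)
    # Assumption: a POTS peer with a 'port' line can be matched by an inbound
    # call, so it is flagged for review when direct-inward-dial is absent.
    missing = sorted(tag for tag, cmds in peers.items()
                     if any(c.startswith("port ") for c in cmds)
                     and "direct-inward-dial" not in cmds)
    catch_all = any("incoming called-number ." in cmds
                    and "direct-inward-dial" in cmds for cmds in peers.values())
    return missing, catch_all

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A flagged peer is a prompt to check whether inbound calls on that port can ever select it; it is not proof that dial tone is being offered.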
To be sure to also catch the unexpected, after the suspected hack last week we added a translation rule 15 for the incoming calls:
As the provider sends us the number with 4 or 10 digits, we translate the starts from the 4-digit display to those that match the destination prefix.
For example, in rule 2 an incoming 7654 is translated to 2454, as we organised the sites to keep, if possible, their ending 2 digits corresponding to the PSTN ending digits (the translation rules would be too big to manage otherwise because of a lot of historical ranges from the different sites).