8.0 ip office hacked!! 2

[Jonjr88]

The past few night my system has been getting hacked or something odd is going on. First time over 1000 SIP extensions and users were added, that happened a couple times now this time over 2000 SIP extns and users were added and all of my user rights were deleted and my manager folder with backups was cleaned out!!! I was told they were able to get through VMPro. Any help would be great. I do use SIP trunks and all passwords and usernames are changed and i ordered an SBC but i am not 100% convinced they are getting in through the WAN.

Thanks

 

[amriddle01]

Also create a route of 0.0.0.0 etc but point it to the Internal/other interface

 

[Gunnaro]

...And maybe have a firewall on. Block everything except for what you need to have open.

If you don't have one, use the internal Avaya firewall for now, and get one next business day.

Kind regards

Gunnar
__________________________________________________________________
Hippos have bad eyesight, but considering their weight, it’s hardly their problem

 

[Jonjr88]

so have a second route with the gateway of the IPO LAN 1?

 

[Gunnaro]

Ok. Jonaron. Open SSA, look in IP routes at the bottom of the menu.
Do you still see 0.0.0.0/0.0.0.0/wan/IP?

If yes, you have a Stun setting that needs attention. There will be a yellow warning right next to it.

Kind regards

Gunnar
__________________________________________________________________
Hippos have bad eyesight, but considering their weight, it’s hardly their problem

 

[Jonjr88]

no im not using a stun server sorry to confuse, i am asking amriddle01 what the gateway should be of the route that he asked me to add. should it be the LAN 1 address of the IPO?

 

[amriddle01]

That route is just to route any reply traffic that would normally go externally internally, so put the gateway as unused IP, basically if the IP Office has no route to follow sometimes it "helps" and routes out the most likely interface, you don't want that

 

[Jonjr88]

so for repeating but i should make the gateway any open address on my internal network?

 

[Jonjr88]

sorry for ****

 

[AACon]

No...the gateway is the router address you would direct traffic to, to reach another subnet.

-Austin
ACE: Implement IP Office

 

[amriddle01]

Jonaron, you can make it the router address but that would send replies back out, you don't want that, I would make it a dead address, it's to stop traffic from any address not specified being responded to, directing those replies to a dead end is the best way

 

[Jonjr88]

amriddle01 would it make sense to make the gateway a random address outside my internal network or use a dead internal address??

 

[amriddle01]

It won't accept an address outside your network as then it couldn't actually route anything, make it a dead one

 

[amriddle01]

Also, if you have the system set as DHCP client on either interface that will also create a 0.0.0.0 route automatically....again you don't want that

 

[Jonjr88]

cool!! Thank you everyone for all your help!! now i know how i will be installing SIP trunks in the future.

 

[Jonjr88]

so if i delete that auto route will it stay deleted??

 

[amriddle01]

It's best to get a provider that has an SBC and doesn't require STUN, that way the system can sit on the network behind the firewall and you're safe as houses

 

[Jonjr88]

ok i will try that as well. again thank you!!

 

[amriddle01]

You don't see the route in programming only in SSA, so no you can't delete it, you need to statically assign addresses to avoid this

 

[Gunnaro]

Jonaron, if you have made other systems like this, you might want to do the same adjustments to them

Kind regards

Gunnar
__________________________________________________________________
Hippos have bad eyesight, but considering their weight, it’s hardly their problem

 

[Gunnaro]

Wouldn't hurt to hand out a star or two...
That way other members will see that there is a solution in this thread and can take immediate actions.

Kind regards

Gunnar
__________________________________________________________________
Hippos have bad eyesight, but considering their weight, it’s hardly their problem