Hi Guys
A while back I found a third-party SIP extn registered to our IPECs that none of my workmates had entered. It also had an IP address that originated in Egypt.
It seems that hackers come in on port 5060 and register a SIP extn by correctly guessing extn and password, or by some way that is unknown, because all our passwords are now strong.
Fortunately we are toll-barred in night service and have no SIP extn licences, so getting out of our system cannot happen.
The fact they got in this way in the first place is concerning though. And if you are a comms company that sells IPECs there is a chance you may be a target if your PABX is IPECs. We suspect they got to us by searching the web.
The fix is: PGM 210, set REMOTE register to "Deny" (not the default).
PGM 211: select your entire extn range and check that 407 authentication is on (should be on in default).
Hope this is useful.
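
An added example, not part of the original post: a small audit that reads captured SIP traffic and reports every REGISTER the PBX accepted from outside the local network or without a credentials header, the two conditions the PGM 210 and PGM 211 settings above are meant to close. The allowed network, the `pbx.example` host, the (client address, message) capture format and the sample traffic are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the only network handsets should register from.
ALLOWED_NETS = [ipaddress.ip_network("192.168.10.0/24")]

def header(msg, name):
    """Return the value of a SIP header (case-insensitive), or None."""
    m = re.search(rf"^{re.escape(name)}\s*:\s*(.+?)\s*$", msg, re.I | re.M)
    return m.group(1) if m else None

def audit_registrations(events):
    """events: (client_ip, raw SIP message) pairs; returns sorted findings."""
    pending, findings = {}, set()
    for client_ip, msg in events:
        start = msg.splitlines()[0]
        key = (header(msg, "Call-ID"), header(msg, "CSeq"))
        if start.startswith("REGISTER "):
            ext = re.search(r"sip:([^@>]+)@", header(msg, "To") or "")
            authed = any(header(msg, h) for h in ("Proxy-Authorization", "Authorization"))
            pending[key] = (ext.group(1) if ext else "?", client_ip, authed)
        elif start.startswith("SIP/2.0 200") and key in pending:
            # A 200 OK answering a REGISTER means the registration was accepted.
            ext, ip, authed = pending.pop(key)
            if not any(ipaddress.ip_address(ip) in net for net in ALLOWED_NETS):
                findings.add((ext, ip, "remote registration accepted"))
            if not authed:
                findings.add((ext, ip, "accepted without credentials"))
    return sorted(findings)

def _msg(start, ext, call_id, cseq, auth=False):
    """Build a minimal constructed SIP message for the sample below."""
    auth_line = f'Proxy-Authorization: Digest username="{ext}"\n' if auth else ""
    return (f"{start}\nTo: <sip:{ext}@pbx.example>\nCall-ID: {call_id}\n"
            f"CSeq: {cseq} REGISTER\n{auth_line}\n")

REQ, OK = "REGISTER sip:pbx.example SIP/2.0", "SIP/2.0 200 OK"
CHAL = "SIP/2.0 407 Proxy Authentication Required"
SAMPLE = [  # constructed traffic; remote addresses are documentation ranges
    ("192.168.10.21", _msg(REQ, 101, "a1", 1)), ("192.168.10.21", _msg(CHAL, 101, "a1", 1)),
    ("192.168.10.21", _msg(REQ, 101, "a1", 2, auth=True)), ("192.168.10.21", _msg(OK, 101, "a1", 2)),
    ("203.0.113.50", _msg(REQ, 105, "b7", 1)), ("203.0.113.50", _msg(CHAL, 105, "b7", 1)),
    ("203.0.113.50", _msg(REQ, 105, "b7", 2, auth=True)), ("203.0.113.50", _msg(OK, 105, "b7", 2)),
    ("198.51.100.9", _msg(REQ, 110, "c3", 1)), ("198.51.100.9", _msg(OK, 110, "c3", 1)),
]

if __name__ == "__main__":
    for finding in audit_registrations(SAMPLE):
        print(finding)
```

The local handset that answers the 407 challenge produces no finding; the two outside addresses are reported, one for registering remotely and one for also being accepted with no challenge at all.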