HACKED! LD calls made from PRI 1

[jmazza]

Our site has a 6.1 Norstar that was hacked recently. The only thing we can tell is that the calls came from the receptionist's extension. The calls were made remotely as the building was locked at the time of the calls.

We turned off international with SBC and remote call fwding internally.

I'm thinking they made a local call to the switchboard and somehow got out through the AA. We have Call Pilot for vmail.

Anything obvious to check for and secure?

 

[bkrike]

search the forum for hacked call pilot- it has been covered

-change all your passwords
-disallow out dial and link at all mailboxes

It is really to much of security risk to explain everything that needs to be done in order to secure your system. I recommend you get in contact with a vendor who has experience with such matters.

 

[biv343]

Do as stated above. However, if there is a business need to outdial from mail for any reason (notifying pagers, cell phones of new messages, etc), at the bare minimum apply restriction filters to the voicemail DN's so they can only dial area codes you approve of. If there is no need to outdial from mail, then remove the line pool access from the voicemail DN's. Your vendor should be able to do this fairly easily if you're not comfortable digging in that deep.