Ipo Hacked 5

Status
Not open for further replies.

Zandolee (Technical User; joined Apr 18, 2013; messages: 67; location: TT)

Hi guys, totally stumped with this one.
Customer has IPO 8.1 (85)
3 t7208 digi phones
2 analog ports with no phones connected, but has extensions configured.
1 remote h323 phone
Internet-facing public IP on the WAN (I know this is nuts, but it's not my choice)

After using audit trail and seeing "unknowns" trying to connect to the system, the customer changed all the security users' passwords, and the administrator password.

Today while on site the phones randomly started going off hook on speaker phone and dialing a number in Israel. Using system status, active calls, you just see it as if a user picked up the phone and dialed the number.
Do any of you know what they were using to connect to the IPO and make those calls? Audit trail shows nothing and system status wasn't any help.
I have checked all short codes and none seems out of place. Any help will be gladly appreciated.

Thanks
 
Is the Remote User used only for dialing in remotely? If so, is it safe to delete this user if not using the dial in feature?
 
Yep, if you don't need it, delete it.

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 
Indeed, and if you do need it, also change the username, not just the password :-)

 