
Newbie. Hacker connecting as an SIP phone even after changing the phone password

Status
Not open for further replies.

MontrealSoft

Vendor
Oct 5, 2002
302
CA
That sums it.
I'm new to all this IP stuff, used to work only with Norstar.

So I set this customer with 2 9606 phones outside of his office, as well as an SIP app on his iPhone.
No vpn involved; as I opened the required ports in the firewall.

All worked perfectly for a few days, but at one time, his iPhone app started disconnecting.
I loaded the monitoring app, and sure enough, I could now see a "CounterPath eyeBeam" with an IP I didn't recognize (37.8.44.62).
So I changed the supervisor password for that extension, so my customer could change it in his iPhone and reconnect.
But the problem persisted, he kept getting kicked out by that hacker, even after a system restart.
WT... ?!

For now, I changed the 3060 ports to something else, and the problem seems fixed, but... I am very puzzled about this!
How come they can connect as an SIP phone without knowing the password?

MontrealSoft.com
 
How complicated is your password?

Putting IPO on a public IP is generally a bad idea as you discovered.

"Trying is the first step to failure..." - Homer
 
No vpn involved; as I opened the required ports in the firewall.

There is your problem.

Once you have the IPO visible on the public network you are at risk.
Even if you have changed all of the security settings & passwords & the passwords on every user, there is still the danger of a brute force attack.

Plus, you have allowed the hacker to identify the system as an IPO, so he knows where to try any other exploits or weaknesses that come to light.




Do things on the cheap & it will cost you dear
 
You need to do this the correct way.
Protect your IPO behind a firewall.
Use VPN for the remote phones.
 
Thanks guys.

I tried to VPN but had poor results in the past when it came to configuration or when an end user experiences IP changes or a weak internet connection.

What is a recommended VPN router I could use? I'd appreciate if the customer wouldn't have to install VPN routers at the clients, i.e. use the one built into the 9606 (and in the iPhone).

Thanks

MontrealSoft.com
 
Netgear certainly works as well as Cisco.

I am pretty sure Avaya have a list of supported routers, but it may be a little out of date.



Do things on the cheap & it will cost you dear
 
Or, certificates. If you disable TCP/UDP and only leave TLS open and absolutely need a certificate, it'd still be possible to try to log in, but you'd need the extra step of snagging the certificate from the IPO in a packet capture for TLS negotiation to even start.

Or, blacklist "not your country's" public IPs

And in the SBC, you can specify things on a per-user agent basis - so, "Avaya *" passes but "Counter*" doesn't.
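
Added example (not part of the thread and not Avaya or SBC code): a Python sketch of the two checks the replies describe, a per-User-Agent allowlist ("Avaya *" passes, "Counter*" does not) and a count of failed registrations per source IP to surface brute-force attempts. The host name, extension, IP addresses, User-Agent strings, response codes and threshold are constructed assumptions.

```python
import fnmatch
from collections import Counter

ALLOW_UA = ["Avaya *"]   # from the thread: "Avaya *" passes; anything else is denied
FAIL_THRESHOLD = 3       # assumed: failed REGISTERs per source IP before flagging

def reg(ua, ext="201"):
    """Build a constructed, minimal SIP REGISTER (hypothetical host and extension)."""
    return (f"REGISTER sip:pbx.example.com SIP/2.0\r\n"
            f"To: <sip:{ext}@pbx.example.com>\r\n"
            f"User-Agent: {ua}\r\n\r\n")

# Constructed events: (source IP, raw request, final response code after the
# digest challenge). IPs come from the RFC 5737 documentation ranges.
EVENTS = (
    [("203.0.113.10", reg("Avaya one-X Deskphone"), 200)]
    + [("198.51.100.7", reg("CounterPath eyeBeam"), 403)] * 3
    + [("198.51.100.7", reg("CounterPath eyeBeam"), 200),
       ("203.0.113.20", reg("Avaya one-X Deskphone"), 403)]
)

def parse_request(raw):
    """Return (method, headers); header names are lowercased (SIP names are case-insensitive)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 1)[0], headers

def review(events):
    """Return (denied_by_ua, noisy_sources) for the REGISTER requests in events."""
    denied, failures = set(), Counter()
    for src, raw, status in events:
        method, headers = parse_request(raw)
        if method != "REGISTER":
            continue
        ua = headers.get("user-agent", "")  # a missing header is denied too
        if not any(fnmatch.fnmatchcase(ua, pat) for pat in ALLOW_UA):
            denied.add((src, ua))
        if status in (401, 403):
            failures[src] += 1
    noisy = sorted(ip for ip, n in failures.items() if n >= FAIL_THRESHOLD)
    return sorted(denied), noisy

if __name__ == "__main__":
    print(review(EVENTS))
```

The User-Agent header is supplied by the client, so the allowlist only cuts noise; it complements the VPN, TLS and firewall measures above rather than replacing them.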
 