×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Programming help needed for Vodavi 3501-01 KSU

Programming help needed for Vodavi 3501-01 KSU

Programming help needed for Vodavi 3501-01 KSU

(OP)
I need some help locking down my Vodavi 3501-01 - would this be the appropriate place to locate a consultant to assist?

Thanks!

RE: Programming help needed for Vodavi 3501-01 KSU

Locking down? Can you be more specific? There isn't much to lock on an STS...
Where on the planet are you located?

RE: Programming help needed for Vodavi 3501-01 KSU

(OP)
Sorry about that omitted details - am located in Bloomington, IN. Here's the rest of the story ...

We've had our Vodavi 3501-01 running without hiccups since installation in 2008. We use it with a single voicemail account (like an answer maching), because I hate voicemail. We have 1 remote employee who comes into the Vodavi KSU as an extension using FSX & FSO blackboxes over her internet connection. Last night (after I knew she wasn't working) I noticed 3 outgoing lines lit up as well as her extension. I knew something was wrong, so I unplugged the FXO box and all of the phonelines from our NIC and then reconnected them at which point the line lights went out.

When we got in this morning, I had a message from AT&T's International Fraud unit saying that a call had been made from one of our lines to the UK and this was typical of fraud activity. The AT&T guy explained that 99% of the time, the fraudsters penetrate the phone system by manipulating a remote dial tone access feature or call forwarding and they often establish new mailboxes on the system under attack (that go undetected). Apparently the purpose of all of this is to make my phone system call a "premium" overseas # where I'll be charged a ginormous per minute rate which will inure to the benefit of the fraudster. Thus began my day of trying to figure out how to fix this mess and a Google search on Vodavi 3501 lead me to this forum of heavy-hitters.

So what I want to do is disable (lock down) any feature that would permit remote dial-tone access or call forwarding. Reset any password that is a factory default. And disable any ability to remotely program the KSU. Lock it down so that if you're not sitting at a phone onsite or at the KSU, you're not going to be able to program the KSU.

Separately, I'm investigating whether the FXS/FXO is running within or outside of the VPN remote connection in the event that this might provide a point of malicious system entry.

Hopefully my situation will make a little more sense to forum members now.

Thanks in advance for any advice or direction that you can share with me!

RE: Programming help needed for Vodavi 3501-01 KSU

Good description! And my first knee-jerk reaction (before I read the line about investigating "inside VPN..) was that the FXO/FXS arrangement likely had the trouble.
Vodavi doesn't have Direct Inward System Access (DISA) enabled by default - however if the installer left the voicemail password at default, someone could have manipulated the auto attend.
If you don't need international calling, have carrier turn it off.
Program a toll restriction to prevent 011 calls without a forced and verified account code. A LONG and RANDOM account code.
Remember that the greater Caribbean is a part of the North American Numbering Plan, hence not "international" by many standards. Many more area codes than in years past.
From one of your phones, dial 499 and see if a modem answers. If so, you can maybe get remote assistance. Make sure that callers can't get to 499 via auto attend.

RE: Programming help needed for Vodavi 3501-01 KSU

(OP)
This is excellent advice. Thank you so much!!!

I too suspect the FXS/FSO as the malicious point of entry. I'm usually the last one to leave (have been turning off the KSU when I leave until we plug this hole). Right before I left, the FXS/FSO extension lit up and grabbed an outside line.

Currently we're using a Linksys PAP2T phone box (on the remote end) and a similar unit in our server cage. Any thoughts on something a little (LOT) more bulletproof?

Thanks!

RE: Programming help needed for Vodavi 3501-01 KSU

Use a point-to-point VPN for this traffic instead of port forwarding. WAY safer.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close