×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Hacking from/using Avaya IP 1120E SIP Firmware

Hacking from/using Avaya IP 1120E SIP Firmware

Hacking from/using Avaya IP 1120E SIP Firmware

(OP)
Hello,

I see there was this thread opened here on Tek-Tips...
https://www.tek-tips.com/viewthread.cfm?qid=180153...

It's in regards to someone seeing an Avaya IP 1120E IP phone attempt to register to their IP Office. We are actually seeing the same thing here attempting to register (SIP) to a Mitel system. I'm just wondering if anyone else has seen this activity as well? We have confirmed with Mitel, and it does look like a hacking attempt (hundreds over the course of hours, from different DNs and different public IPs). Our captures are identical to the ones mentioned in the above thread. To us, it appears someone has hacked Avaya's 1100-series firmware and is using it to attempt to register to phone systems on the public Internet. Just wondering if anyone else has noticed this activity - we can't be alone on this.

Thanks!

RE: Hacking from/using Avaya IP 1120E SIP Firmware

Not hacked phone firmware, that i'm aware of just a faked user Agent string.

I have seen active attempts to register, been seeing them for the past few years.

I have seen successful registration attempts and big bills.

The user agent string might make a difference when registering to a PBX ponder

Please use secure user pins / phone extension passwords / user passwords

Try not to expose the sip registration ports to the internet without first thinking seriously about the security of your systems

Please do NOT expose port 7070 to untrusted locations.
https://downloads.avaya.com/css/P8/documents/10107...

RE: Hacking from/using Avaya IP 1120E SIP Firmware

That's where we use SBC for...

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close