Foreign hacking attempts constantly

(OP)
Hello, I've got an Avaya IP office 500 V2 9.1 with primarily digital handsets but we do have 10 off site 9608 handsets.

Up until recently we haven't had a problem, but now we have been getting event notifications of constant attempts to log in to the Manager using various credentials. These are all coming from foreign IP addresses from other countries.

We have very complex passwords to protect us, but I'm wondering if there is any way for me to turn off this specific access, since we do not use remote access to the system for configuration using Manager; we only use a local PC in the phone room for programming. Many thanks

RE: Foreign hacking attempts constantly

(OP)
How will this affect our 9608 off site handsets and our voice mail to email?

RE: Foreign hacking attempts constantly

VPN your 9608s or set them up properly as remote extensions with security.

RE: Foreign hacking attempts constantly

Have a look at Geo-IP Filtering if your firewall supports it.

RE: Foreign hacking attempts constantly

Derfloh - that is what I thought ..

RE: Foreign hacking attempts constantly

Quote (safenestvmem)

we do have 10 off site 9608 handsets

Based on that and your thread I am assuming you have the IPO directly on a public IP, which is why you are having hack attempts. You should NEVER put your IPO on a public IP for this very reason: they will attempt to hack you and likely, at some point, eventually will hack you. The problem is I am betting you don't have the licensing to do remote worker the right way. You only get 4 remote workers for free and after that you need user licenses (like Power User), which requires Preferred Edition. This is likely one reason this was done this way (the wrong way, mind you) in the first place.

Since you likely could only have 4 remote workers, you will likely have to set up a VPN on your firewall and then either VPN through the phone (which can be a pain) or use a site-to-site VPN if all the remote phones are at one location. You are looking at a lot of work and some hardware needed to do this the right way and really lock it down securely. How you have it set up (we are guessing, but it's likely based on the info) should have never been set up that way and will end up costing you and/or the customer in the end.

I attached where in the security guidelines it specifically tells you not to do this.

The truth is just an excuse for lack of imagination.

RE: Foreign hacking attempts constantly

Sounds like you don't have a firewall between the IPO and your internet connection (router)

I would very strongly advise installing one.

Biglebowskis Razor - with all things being equal if you still can't find the answer have a shave and go down the pub.

RE: Foreign hacking attempts constantly

Block the administrative ports; they're in the upper default range of the 48-53xxx ports. Stupid implementation on Avaya's side.

______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||

RE: Foreign hacking attempts constantly

It is stupid, and that is why Avaya changed the defaults (after some pressure from members on this forum!!) to 40750-50750 (SE) or 46750-50750 (500) at R9.1 or R10 (can't recall).

The real issue was that only UDP needed to be forwarded in this upper range, but many people/dealers/engineers/firewall guys didn't have a clue, so forwarded TCP & UDP to be 'sure'. Hence you got admin ports 50790-50814 TCP sent through from the internet.

To sort this, either change your RTP range on the IPO and firewall to match. May as well use the new defaults of 46750-50750 UDP for your RTP, and trim down to your actual needs. Don't push TCP through on these ports.

Or like others have suggested, you lumped a public IP on LAN 2. Which is very stupid indeed.

Either way, you ARE still going to get people trying to register phones, no way to stop it (without VPN anyway!). Only way to address this is with a proper security policy for passwords.

Every system we have, either with or without an SBC, is getting attempts all the time to register a phone. They just don't succeed!!!

Jamie Green

Avaya Registered Specialist Engineer
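
The forwarding mistake described in the post above (TCP pushed through alongside UDP for the RTP range, which exposes the admin ports) can be checked against an export of firewall port-forward rules. This is an added example, not part of the original thread or any Avaya tooling; the port ranges are the ones quoted in the thread, while the `Forward` record, the `audit` function and the sample rule list are constructed for illustration.

```python
from dataclasses import dataclass

# Port values quoted in the thread.
ADMIN_TCP = (50790, 50814)   # admin ports that ended up reachable over TCP
RTP_UDP = (46750, 50750)     # newer default RTP range for the IP500 (UDP only)

@dataclass(frozen=True)
class Forward:               # hypothetical shape of one port-forward rule
    name: str
    proto: str               # "tcp", "udp" or "both"
    first: int
    last: int

def overlap(a, b):
    """Return the overlapping (low, high) port span of two ranges, or None."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def audit(rules):
    """Flag forwards that send TCP to the admin ports or widen the RTP range."""
    findings = []
    for r in rules:
        span = (r.first, r.last)
        protos = {"tcp", "udp"} if r.proto == "both" else {r.proto}
        if "tcp" in protos:
            admin_hit = overlap(span, ADMIN_TCP)
            rtp_hit = overlap(span, RTP_UDP)
            if admin_hit:
                findings.append((r.name, "admin-tcp-exposed", admin_hit))
            elif rtp_hit:
                # RTP is UDP; TCP on these ports serves no purpose.
                findings.append((r.name, "tcp-not-needed-for-rtp", rtp_hit))
        if "udp" in protos and overlap(span, RTP_UDP):
            if r.first < RTP_UDP[0] or r.last > RTP_UDP[1]:
                findings.append((r.name, "udp-wider-than-rtp-range", span))
    return findings

# Constructed sample rules, not taken from any real firewall.
SAMPLE_RULES = [
    Forward("legacy-voice", "both", 48000, 53999),
    Forward("rtp", "udp", 46750, 50750),
    Forward("rtp-tcp", "tcp", 46750, 50750),
    Forward("https", "tcp", 443, 443),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```
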
