Security Incidents mailing list archives
Re: War Dial on my PBX
From: "Volker Tanger" <volker.tanger () discon de>
Date: Wed, 25 Jun 2003 18:37:39 +0200
Greetings!

Are you sure the calls are not automated SPAM (voice or fax telemarketers)? Such should be fairly easy to stop once you got a hold of a single instance/copy, so I guess this is not the case.

So what you experience seems to be a brute-force attack against your phone system where the attacker seems to try to get access to connection and/or voicebox control. They usually call boxes/numbers and try different combinations of DTMF in hope to find a combination that gives them access. Often these access codes work even if they are not announced in the voice help.

On Wed, 25 Jun 2003 01:03:26 -0500 "Dave Phelps" <tippenring () tippenring com> wrote:
> There's not a lot you can do.
I'd like to object here. One is to secure your phone system (here: Meridian). This way you can (depending on your business needs) disable remote controlling and thus discourage phreaking attempts ("nothing to gain here, sorry pal..."). Depending on the phone system you can even try to tarpit callers (e.g. IVR set to loop a "Sorry, not implemented - press 0 to return to main menu"). Second you can evaluate the logs - if the caller did not disable CLID you have his number. Else - see previous posting: turn to your telco.
> As far as voicemail insecurity, the problem is virtually always the subscribers using weak passwords that get penetrated.
...or a weak configuration of the PBX itself, if it was left with all possible services enabled. Especially the Meridian had a bad record of being shipped with all stuff enabled as factory default. Strong passwords did not help here, only bastioning (i.e. proper configuration) of the system.

OTOH we regularly find >60% of all voice box passwords still being set to the default when performing an audit in companies.

Ask your contracted telephone system supplier/supporter for help to secure your system. If he cannot help, ask experts, maybe even turn directly to the hardware company. Shameless plug: we provide such support for Nortel, Ericsson and (of course) DeTeWe systems in (continental) Europe.

Bye

Volker Tanger
ITK-Security

DeTeWe AG & Co. KG
Fon +49 30 6104-3307
Fax +49 30 6104-3435
http://www.detewe.de/
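
The log evaluation suggested in the message above, as an added example that is not part of the original post: it flags callers who place short calls to many different extensions within a short time, using the CLID where one was delivered. The CSV layout, thresholds and phone numbers are constructed assumptions, not a Meridian call-record format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (hypothetical layout):
# start time, calling number (empty = CLID withheld), dialled extension, seconds
SAMPLE_CDR = """\
2003-06-24 01:00:05,,2001,14
2003-06-24 01:01:10,,2002,12
2003-06-24 01:02:20,,2003,16
2003-06-24 01:03:31,,2004,11
2003-06-24 01:04:40,,2005,13
2003-06-24 01:05:52,,2006,15
2003-06-24 02:00:00,0305550177,2010,9
2003-06-24 02:01:00,0305550177,2011,8
2003-06-24 02:02:00,0305550177,2012,9
2003-06-24 02:03:00,0305550177,2013,7
2003-06-24 02:04:00,0305550177,2014,9
2003-06-24 09:15:00,0305550101,2001,240
2003-06-24 09:40:00,0305550101,2001,20
2003-06-24 10:00:00,0305550199,2001,10
2003-06-24 11:00:00,0305550199,2002,12
2003-06-24 12:00:00,0305550199,2003,9
2003-06-24 13:00:00,0305550199,2004,8
2003-06-24 14:00:00,0305550199,2005,10
"""

def find_sweeps(cdr_text, window=timedelta(minutes=30),
                min_extensions=5, max_duration=30):
    """Return {caller: extensions} for callers with short calls to at least
    min_extensions distinct extensions inside one sliding time window."""
    calls = defaultdict(list)
    for row in csv.reader(io.StringIO(cdr_text)):
        if not row:
            continue
        start, clid, ext, dur = row
        if int(dur) <= max_duration:  # long calls are ordinary conversations
            when = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
            # Withheld CLIDs are pooled: only the telco can tell them apart.
            calls[clid or "WITHHELD"].append((when, ext))
    flagged = {}
    for caller, events in calls.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window:
                lo += 1  # slide the window start forward
            exts = {e for _, e in events[lo:hi + 1]}
            if len(exts) >= min_extensions:
                flagged[caller] = sorted(set(flagged.get(caller, [])) | exts)
    return flagged
```
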