Warning: DX2030 has been hacked

    #31980
    HAL
    Guest

    Hi everyone, Hi Mike,

    We are a VoIP Provider in Europe, and our DX2030, which is located in another country in Europe and connected directly to a big Telecom provider, has been hacked over the weekend from a provider named CHINANET-GD. The technical details of our Quintum are as below:
    Manufacturer: Quintum Technologies
    Product Name: Tenor DX
    H/W Version: 0 [1 0 0 0]
    S/W Version: P107-09-00
    DS1 Info: 2 DS1
    Protocol: H323
    Status: Registered
    Network: xxx.xxx.xxx.xxx (Static)
    Total Calls: 0

    This hacker succeeded in sending THOUSANDS of calls using the following IP addresses:
    113.105.152.32 – 113.105.152.34 – 113.105.152.48 and ASTERISK (SIP!!!)

    After connecting through the Config Manager to the Quintum, nothing had been changed in the config, and I immediately changed the pwd and disabled the DI completely.

    Our Quintum is configured with all important steps to secure it:
    -Strong Admin Password
    -EPAD
    but I can’t set the webserverport and the managmentAccess parameter to 0 because the Tenor, as I mentioned, is located in another country and I need remote access to it.

    So my Questions:

    1. How did they succeed in sending calls with SIP when we are using H323 and EPAD?
    2. If they hacked the system, why didn’t they change the pwd and the config?
    3. WHY CAN THEY STILL SEND CALLS EVEN IF I CHANGED THE PWD?

    In the alarm history I found logs like the one below, with different channel numbers:
    xxx.xxx.xxx.xxx:858445:RPT:4:Miscellaneous Information (PriTermCall: Channel 31 on slot=2 device=0 line=1 rejected by the peer.):0:0:0:0:SUN APR 18 13:40:23 2010

    Any comment would be appreciated.

    Thanks and regards
    HAL
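
An added example, not from the thread: a small Python parser for alarm-history lines in the shape HAL quotes above, which flags bursts of "PriTermCall ... rejected by the peer" events across many channels, the trace that unauthorised call pumping through the gateway leaves in the alarm history. The field names, the sample lines and the host address are assumptions constructed for the example; the page shows only one line of this format.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of Tenor alarm-history lines in the shape of the one quoted
# above (host address, sequence numbers and the non-call line are made up).
SAMPLE_ALARMS = """\
192.0.2.10:858445:RPT:4:Miscellaneous Information (PriTermCall: Channel 31 on slot=2 device=0 line=1 rejected by the peer.):0:0:0:0:SUN APR 18 13:40:23 2010
192.0.2.10:858446:RPT:4:Miscellaneous Information (PriTermCall: Channel 30 on slot=2 device=0 line=1 rejected by the peer.):0:0:0:0:SUN APR 18 13:40:24 2010
192.0.2.10:858447:RPT:4:Miscellaneous Information (PriTermCall: Channel 29 on slot=2 device=0 line=1 rejected by the peer.):0:0:0:0:SUN APR 18 13:40:26 2010
192.0.2.10:858448:RPT:6:Miscellaneous Information (Clock sync restored.):0:0:0:0:SUN APR 18 14:02:00 2010
192.0.2.10:858449:RPT:4:Miscellaneous Information (PriTermCall: Channel 5 on slot=2 device=0 line=1 rejected by the peer.):0:0:0:0:SUN APR 18 17:15:41 2010
"""

# Field names are assumptions; the thread shows only one line of this format.
ALARM_RE = re.compile(
    r"^(?P<host>[^:]+):(?P<seq>\d+):(?P<kind>[A-Z]+):(?P<severity>\d+):"
    r"(?P<category>[^(]+?)\s*\((?P<detail>.*)\)(?::\d+){4}:(?P<ts>.+)$"
)
REJECTED_RE = re.compile(r"PriTermCall: Channel (?P<channel>\d+) on slot=\d+ .*rejected by the peer")


def parse_alarm(line):
    """Parse one alarm line into a dict, or return None if it does not match."""
    m = ALARM_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%a %b %d %H:%M:%S %Y")
    hit = REJECTED_RE.search(rec["detail"])
    rec["channel"] = int(hit["channel"]) if hit else None  # None = not a rejected term call
    return rec


def rejected_term_call_bursts(text, window=timedelta(minutes=1), threshold=3):
    """Group rejected outbound PRI attempts that fall within `window` of each other and
    return (first_time, count, channels) for every group of at least `threshold` events."""
    events = [r for r in map(parse_alarm, text.splitlines()) if r and r["channel"] is not None]
    events.sort(key=lambda r: r["time"])
    bursts, i = [], 0
    while i < len(events):
        j = i
        # Extend the run while the next event is still inside the window of the first one.
        while j + 1 < len(events) and events[j + 1]["time"] - events[i]["time"] <= window:
            j += 1
        run = events[i:j + 1]
        if len(run) >= threshold:
            bursts.append((run[0]["time"], len(run), sorted(r["channel"] for r in run)))
        i = j + 1
    return bursts
```

On the constructed sample this reports one burst of three rejections on channels 29 to 31 within four seconds, while the single rejection hours later and the clock-sync line are ignored.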

    #31981
    MikeM to Hal
    Guest

    Hal,

    There is much confusion on this and I believe Quintum is adding some additional language in their reference guide.

    1. All Gen 2 quintums will support both H323 and SIP for term calls. You do not have to enable anything special for this.

    2. EPAD is ONLY FOR H323 and ONLY if the quintum is its own gatekeeper (this is by default).

    3. SIP calls will be allowed from anyone unless you set the Allow Only Proxy Calls under the SIP Signaling Group to enable (sipsg -> set aopc 1 -> submit). By doing this, no sip calls will be allowed unless you have a sip server/proxy setup and that the provider’s IP address is configured into that proxy/server.

    Give that a try.

    MikeM
    mike_voip@hotmail.com

    #31982
    frank ditlefsen
    Guest

    Did you get any answer??

    We’ve just noticed the same as you describe. But we managed to block the IP address out of our network.

    #31983
    Linz
    Guest

    Who is this dude on 113.105.152.32 and why hasn’t he/she been shut down ?

    A customer of mine has just had the thing happen to him.

    Quite simply, 113.105.152.32 is a Red Hat Linux host with Asterisk running on it which is actively exploiting VoIP PBX servers that have hairpin call routing inadvertently enabled.

    I’m actually surprised that this has been going on for so long.
