Re: War Dial on my PBX

From: Dave Phelps (tippenring_at_tippenring.com)
Date: 06/25/03

  • Next message: Peter Busser: "Re: Intrusec 55808 Trojan Analysis" 
    To: "David Barnett" <dbarn064@earthlink.net>, <incidents@securityfocus.com>
Date: Wed, 25 Jun 2003 01:03:26 -0500

    There's not a lot you can do. Contact the fraud department at your service
    provider. They can catch the source of the call. Worst case, they'll
    probably tell you that you need to file a complaint with local law
    enforcement, and then a subpoena needs to be issued to get them to ID the
    source of the calls. By then, of course, the scan is over.

    It can't hurt to try though.

    As far as voicemail insecurity, the problem is virtually always the
    subscribers using weak passwords that get penetrated. Wait for the
    subscriber whose greeting says the word "Yes" a few times. That's the guy
    that had the weak password. The "Yes" is for when the operator (IVR) calls
    to ask if you'll accept the charges for a 3rd party call to India.

    ----- Original Message -----
    From: "David Barnett" <dbarn064@earthlink.net>
    To: <incidents@securityfocus.com>
    Sent: Tuesday, June 24, 2003 5:41 PM
    Subject: War Dial on my PBX

    |
    |
    | My company's PBX system (Nortel Meridien) is getting hammered. All our
    | DIDs are getting hit. Aside from disabling trunk to trunk, what could I do
    | to help mitigate this problem. Another office last year was hit and
    | through the voice mail system someone was able to make $25,000 worth of
    | calls in a day. This was another system though.
    | Any help is much appreciated.

    ----------------------------------------------------------------------------
    Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
    world's premier technical IT security event! 10 tracks, 15 training sessions,
    1,800 delegates from 30 nations including all of the top experts, from CSO's to
    "underground" security specialists. See for yourself what the buzz is about!
    Early-bird registration ends July 3. This event will sell out. www.blackhat.com
    ----------------------------------------------------------------------------

  • Next message: Peter Busser: "Re: Intrusec 55808 Trojan Analysis"