RE: War Dial on my PBX

From: Cotter, Joe (jcotter_at_everestusa.com)
Date: 06/25/03

  • Next message: James C. Slora, Jr.: "RE: strange logs -- tcp port 16166"
    Date: Wed, 25 Jun 2003 07:04:12 -0500
    To: "David Barnett" <dbarn064@earthlink.net>, <incidents@securityfocus.com>
    
    

    I would think the first thing to do is contact your local telco. You
    should work with them to determine who this is. They should be able to
    figure out who is initiating this attack (ANI or otherwise). It could be
    as harmless as someone having a misconfigured telemarketing system or a
    fax spammer looking for places to send junk. But I would START with your
    local telco.

    -Joe

    -----Original Message-----
    From: David Barnett [mailto:dbarn064@earthlink.net]
    Sent: Tuesday, June 24, 2003 5:41 PM
    To: incidents@securityfocus.com
    Subject: War Dial on my PBX

    My company's PBX system (Nortel Meridien) is getting hammered. All our

    DIDs are getting hit. Aside from disabling trunk to trunk, what could I
    do

    to help mitigate this problem. Another office last year was hit and

    through the voice mail system someone was able to make $25,000 worth of

    calls in a day. This was another system though.

    Any help is much appreciated.

    ------------------------------------------------------------------------

    ----
    Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas,
    the 
    world's premier technical IT security event! 10 tracks, 15 training
    sessions, 
    1,800 delegates from 30 nations including all of the top experts, from
    CSO's to 
    "underground" security specialists.  See for yourself what the buzz is
    about!  
    Early-bird registration ends July 3.  This event will sell out.
    www.blackhat.com
    ------------------------------------------------------------------------
    ----
    ----------------------------------------------------------------------------
    Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
    world's premier technical IT security event! 10 tracks, 15 training sessions, 
    1,800 delegates from 30 nations including all of the top experts, from CSO's to 
    "underground" security specialists.  See for yourself what the buzz is about!  
    Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
    ----------------------------------------------------------------------------
    

  • Next message: James C. Slora, Jr.: "RE: strange logs -- tcp port 16166"

    Relevant Pages

    • Information Needed on Malicious Traffic dropped by firewalls/IPS
      ... >> packets and broken packets are essentially indistinguishable. ... > world's premier technical IT security event! ... > "underground" security specialists. ... See for yourself what the buzz is about! ...
      (Incidents)
    • RE: tcp/19150 scans
      ... world's premier technical IT security event! ... Early-bird registration ends July 3. ... This event will sell out. ... See for yourself what the buzz is about! ...
      (Incidents)
    • RE: New Probes
      ... the world's premier technical IT security event! ... Early-bird registration ends July 3. ... This event will sell out. ... See for yourself what the buzz is about! ...
      (Incidents)