Greetings! Are you sure the calls are not automated SPM (voice or fax telemarketers)? Such should be fairly easy to stop once you got a hold of a single instance/copy, so I guess this is not the case. So what you experience seems to be a brute-force attack against your phone system where the attacker seems to try to get access to connection and/or voicebox control. They usually call boxes/numbers and try different combinations of DMTF in hope to find a combination that gives them access. Often these access codes work even if they are not announced in the voice help. On Wed, 25 Jun 2003 01:03:26 -0500 "Dave Phelps" <tippenringat_private> wrote: > There's not a lot you can do. I'd like to object here. One is to secure your phone system (here: Meridian). This way you can (depending on your business needs) disable remote controlling and thus discourage phreaking attempts ("nothing to gain here, sorry pal..."). Depending on the phone system you can even try to tarpit callers (e.g. IVR set to loop a "Sorry, not implemented - press 0 to return to main menu"). Second you can evaluate the logs - if the caller did not disable CLID you have his number. Else - see previous posting: turn to your telco. > As far as voicemail insecurity, the problem is virtually always the > subscribers using weak passwords that get penetrated. ...or a weak configuration of the PBX itself, if it was left with all possible services enabled. Especially the Meridian had a bad record of being shipped with all stuff enabled as factory default. Strong passwords did not help here, only bastioning (i.e. proper configuration) of the system. OTOH we regularily find >60% of all voice box passwords still being set to the default when performing an audit in companies. Ask your contracted telephone system supplier/supporter for help to secure your system. If he cannot help, ask experts, maybe even turn directly to the hardware company. Shameless plug: we provide such support for Nortel, Ericson and (of course) DeTeWe systems in (continental) Europe. Bye Volker Tanger ITK-Security DeTeWe AG & Co. KG Fon +49 30 6104-3307 Fax +49 30 6104-3435 http://www.detewe.de/ -- ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jun 25 2003 - 20:05:17 PDT