Page 5 of 6 FirstFirst ... 3456 LastLast
Results 41 to 50 of 52

Thread: Hacker attempts

  1. #41

    Default

    Great news - thanks!

  2. #42

    Default

    Hi,

    Today I got called onto site by a customer who was experiencing problems with line registrations and inbound calls not connecting. On looking through the event logs it was full of failed registrations - as soon as I put a block on the attacking IP everything worked again within a couple of minutes.

    We also had this issue on another couple of Quadros and it would be good for the developers to get a fix out for this asap.

    Thanks,

    Tom

  3. #43

    Default Recovering call costs

    I have found out today that someone has hacked our system and been making outgoing calls costing us around £70 per month... I have an IP address, which I am now blocking and have blocked International calls on the Analogue outbound lines...

    two questions;
    1 - Any idea if we will be able to get money back if we can find out who it was?
    2 - Any thoughts as to why it routed this over PSTN rather than using the IP gateway as the call routing table says it should have?

    In a way I am glad it used the PSTN as it meant we found the problem!

    Thanks

    Dominic

  4. #44

    Default

    I am experiencing the same hacking attacks as described in this thread. The registration attemps are from China and Korea:
    60.172.230.110
    118.130.232.21

    I am using firmware 5.1.19
    The IP phones are registering on the WAN side.
    I am NOT using external IP phones.

    I already activated the Quadro firewall (low safety) but I am still puzzled how the hackers could get in through my router through port 5188 and 5249. I do not have these ports forwarded.

    In any case, what is the recommended course of action to get this fixed?

    1. Update the firmware?
    and/or
    2. Set the firewall to high safety and specify all ITSPs and local extensions? Can the ITSPs be allowed through a URL rather than an IP address? Does anybody have this working?

    Any suggestions are greatly appreciated.

  5. #45

    Default

    For complete set of the security measures take a look at the document at the link below:
    http://support.epygi.com/index.php?_...loaditemid=942
    .. as well as the follwing article in the KB:
    http://support.epygi.com/index.php?_...cleid=21&nav=0

  6. #46

    Default

    Like all the users, we have our fair share of such attacks. I have always tried to report such abuses and often get back responses that the ISP's customer's server had been hacked and now resolved.

    While a range of enhanced security measures are good to negate such attacks, the Laws in all countries need to be in consistent with the degree of damages caused by such hackers. For too long, legal deterrents in many countries are too light and not commensurate with the potential or actual damage suffered by users. For one, repeated system access to unauthorized resources should be made illegal globally similar to attempts in terms of child pornography and other crimes.

    For systems, lockouts should be implemented for repeated failed attempts, just like the admin login in the Quadro. This should also extend to repeated SIP logins from one IP or several failed attempts, say more than 1 per second. The Quadro should not respond on such attempts unless unlocked by the admin. This may remove a high percentage of such attacks.

  7. #47

    Default

    The SIP IDS in the latest firmware releases of Quadro is aimed to block the malicious IP addresses repeatedly trying to register on Quadro for making the unauthorized calls. Quadro stores them in the blocked IP list of the firewall and only admin can unlock those IPs.

  8. #48

    Default

    Hrant, is possible in all models? We test in M26X and is Ok, but in Quadro 4x and 6L is posible to use the SIP IDS??

  9. #49

    Default

    Yes, the feature will be available on all models, in the latest software releases.

  10. #50

    Default

    I just implemented case 2 of the "How to protect an Epygi Quadro from SIP Attacks" article.

    But by setting the firewall to high and only allowing SIP access, I now locked myself out of remote access! I cannot get on the epygi anymore...

    How do I get access back?



    Update: I got in on the LAN side with a laptop and opened up remote management. I would suggest to mention this in the article to allow "remote management" before activating the firewall!
    Last edited by keeskoets; 01-04-2011 at 04:32 AM. Reason: Problem solved

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •