Well, if you can determine the vulnerability & how to exploit it, you should notify the vendor. I would hope that you have a firewall that limits the IP addresses that can connect to the PBX to those that have a legitimate need.

I would also consider something to limit traffic and watch the logs for brute force attacks. There are many tools out there for testing VoIP install security.

John

VIP Carrier wrote:
> To me it looks like there is some type of security hole in the SwitchVOX
> web GUI that has caused this issue.
>
> On Sat, Feb 7, 2009 at 9:17 PM, VIP Carrier <[email protected]> wrote:
>
>> Here is a sample of passwords for sip phone
>> *yEphe4A56U
>> * but for voice mails there was a simple passwords
>> *
>> *
>> On Sat, Feb 7, 2009 at 8:45 PM, Stefan Wintermeyer <[email protected]> wrote:
>>
>>> On 08.02.2009 at 02:31, VIP Carrier wrote:
>>>
>>>> Here is an IP which they have used to access a system
>>>> 116.122.36.95
>>>
>>> Give me a break!
>>>
>>> If you cannot stand the heat of the _dangerous_ internet: Get
>>> yourself a pair of scissors and cut all network cables!
>>>
>>> If you run a server in the wild you have to know what you are doing.
>>> This is not a problem of SwitchVOX or any other kind of
>>> appliance/software. This is just a problem of having common sense
>>> and knowledge of the stuff you are doing.
>>>
>>> Stefan
>>>
>>> PS: In the good old times our clients all had official IP addresses
>>> and we used telnet to log into our Linux boxes. But things have
>>> changed quite a bit since then.
>>>
>>> --
>>> AMOOCON 2009, May 4-5, Rostock / Germany -> http://www.amoocon.de
>>> Asterisk: http://the-asterisk-book.com - http://das-asterisk-buch.de
>>> AMOOMA GmbH - Bachstr. 126 - 56566 Neuwied -> http://www.amooma.de
>>> Managing director: Stefan Wintermeyer, commercial register: Neuwied B14998

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
