CCIE Voice Hacking

From: Ashwin Iyer (ash.iyer@gmail.com)
Date: Thu Aug 14 2008 - 05:47:34 ART


Dear Voice experts,
One of my customers has encountered a strange problem. His voice network is
being hacked from outside. It seems, and this is my guess, that someone from
outside is dialing their board number and that call is going to voice
mail numbers (5000, 7000-7099) and from there it is being transferred out to
PSTN. So it looks like a call made from inside. We have at least eliminated the
possibility of this being done by someone inside. I would like some suggestions
as to how this can be done from outside. I am attaching voice-gateway
configs. He does not have call mgr express. He only has call manager 4.1. I am
not much of a voice expert, so kindly help.

thanks and rgds
Ashwin Iyer
sh run
Building configuration...

Current configuration : 7261 bytes
!
! Last configuration change at 12:37:45 UTC Tue Aug 12 2008
! NVRAM config last updated at 12:37:41 UTC Tue Aug 12 2008
!
version 12.3
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname ALBARAMI
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
logging console informational
enable secret 5 $1$.e7E$Ao36PXAUtT.RPQTmqzLZY1
!
clock timezone UTC 4
clock calendar-valid
network-clock-participate wic 0
network-clock-select 1 E1 0/0/0
no aaa new-model
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip telnet hidden addresses
!
!
ip cef
!
!
ip domain name bgc.local
ip name-server 212.72.1.186
ip name-server 198.6.1.1
no ftp-server write-enable
isdn switch-type primary-5ess
!
voice-card 0
 no dspfarm
!
!
voice rtp send-recv
!
voice service voip
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 h323
!
!
!
!
!
voice class h323 1
 h225 timeout tcp establish 5
!
!
!
!
!
!
voice translation-rule 2
 rule 1 /24583900/ /5000/
 rule 2 /2458\(....\)/ /\1/
!
!
voice translation-profile incoming
 translate called 2
!
!
!
!
username cisco privilege 15 secret 5 $1$EYGK$E2yWN49qbdJ4bQ5zA4sfu1
!
!
controller E1 0/0/0
 pri-group timeslots 1-31
 description ******* Voice PRI to OMANTEL ********
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 description ******** Port connected to Core Switch *******
 ip address 11.1.1.1 255.255.255.0
 ip access-group 150 in
 ip access-group 150 out
 ip directed-broadcast
 ip nat inside
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 no cdp enable
 h323-gateway voip interface
 h323-gateway voip bind srcaddr 11.1.1.1
!
interface Serial0/0/0:15
 no ip address
 ip mroute-cache
 no logging event link-status
 isdn switch-type primary-5ess
 isdn incoming-voice voice
 isdn T306 60000
 isdn T310 60000
 no cdp enable
!
interface ATM0/2/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/2/0.1 point-to-point
 pvc 8/64
  pppoe-client dial-pool-number 1
 !
!
interface Service-Engine1/0
 description ****** VoiceMail Module *******
 ip unnumbered FastEthernet0/1
 service-module ip address 11.1.1.3 255.255.255.0
 service-module ip default-gateway 11.1.1.1
 no cdp enable
!
interface Dialer0
 description ******* ADSL dynamic IP data link *******
 ip address negotiated
 ip mtu 1452
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 3600
 dialer wait-for-carrier-time 5
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname bgcmct
 ppp chap password 7 121A15454311075727
 ppp pap sent-username bgcmct password 7 121A15454311075727
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.1.1.0 255.255.255.0 11.1.1.2
ip route 10.1.2.0 255.255.255.0 11.1.1.2
ip route 10.1.3.0 255.255.255.0 11.1.1.2
ip route 11.1.1.3 255.255.255.255 Service-Engine1/0
ip route 14.1.1.0 255.255.255.0 11.1.1.2
ip route 172.16.1.0 255.255.255.0 11.1.1.2 200
ip route 172.16.2.0 255.255.255.0 11.1.1.2 200
ip route 172.16.3.0 255.255.255.0 11.1.1.2 200
ip route 192.168.1.0 255.255.255.0 11.1.1.2 200
!
!
no ip http server
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 14.1.1.2 443 interface Dialer0 443
ip nat inside source static tcp 14.1.1.2 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.11 3389 interface Dialer0 3389
!
ip access-list extended ATTACK_MITIGATION
 deny tcp any any eq talk
 deny tcp any any eq finger
 deny tcp any any eq whois
 deny tcp any any eq gopher
 deny tcp any any eq discard
 deny tcp any any eq bgp
 deny tcp any any eq chargen
 deny tcp any any eq nntp
 deny tcp any any eq ident
 deny tcp any any eq uucp
 deny udp any any eq mobile-ip
 deny udp any any eq biff
 deny udp any any eq xdmcp
 deny udp any any eq netbios-ss
 deny udp any any eq netbios-ns
 deny udp any any eq sunrpc
 permit ip any any
ip access-list extended RFC1918
 deny icmp any any log
 deny ip 10.0.0.0 0.255.255.255 any log
 deny ip 172.16.0.0 0.15.255.255 any log
 deny ip 192.168.0.0 0.0.0.255 any log
 deny tcp any any eq finger
 deny tcp any any eq whois
 deny tcp any any eq uucp
 deny tcp any any eq discard
 deny tcp any any eq kshell
 deny tcp any any eq klogin
 deny tcp any any eq ident
 deny tcp any any eq gopher
 permit ip any any
!
access-list 1 permit 14.1.1.0 0.0.0.255
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 172.16.2.0 0.0.0.255
access-list 1 permit 172.16.3.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 150 deny icmp host 11.1.1.3 host 192.168.1.3
access-list 150 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
!
!
voice-port 0/0/0:15
 translation-profile incoming incoming
!
!
!
!
dial-peer voice 1 pots
 tone ringback alert-no-PI
 destination-pattern .T ***********************
 progress_ind setup enable 3
 fax rate voice
 direct-inward-dial
 port 0/0/0:15
!
dial-peer voice 7 voip
 tone ringback alert-no-PI
 shutdown
 destination-pattern .T
 progress_ind setup enable 3
 progress_ind progress enable 8
 voice-class h323 1
 session target ipv4:192.168.1.3
 dtmf-relay h245-alphanumeric
 codec g711ulaw
 fax rate disable
 fax protocol pass-through g711ulaw
 no vad
!
dial-peer voice 9 voip
 tone ringback alert-no-PI
 destination-pattern 3...
 progress_ind setup enable 3
 voice-class h323 1
 session target ipv4:192.168.1.3
 dtmf-relay h245-alphanumeric
 codec g711ulaw
 fax rate disable
 fax protocol pass-through g711ulaw
 no vad
!
dial-peer voice 2 pots
 tone ringback alert-no-PI
 incoming called-number 24583900
 fax rate voice
 direct-inward-dial
 port 0/0/0:15
!
dial-peer voice 4 voip
 tone ringback alert-no-PI
 destination-pattern 5...
 progress_ind setup enable 3
 voice-class h323 1
 session target ipv4:192.168.1.3
 dtmf-relay h245-alphanumeric
 codec g711ulaw
 fax rate disable
 fax protocol pass-through g711ulaw
 no vad
!
dial-peer voice 3 voip
 tone ringback alert-no-PI
 voice-class h323 1
 session target ipv4:192.168.1.3
 incoming called-number .
 dtmf-relay h245-alphanumeric
 codec g711alaw
 fax rate disable
 fax protocol pass-through g711alaw
 no vad
!
!
banner motd ^C
WARNING !!! This is secure device and highly restricted area. Your steps and workings will be logged and read on scheduled basis, so if you are NOT A LEGITIMATE USER , please log off, or serious actions can be taken AGAINST Violators ...
^C
!
line con 0
 password 7 1511021F0725
 logging synchron
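
The call path the post asks about can be traced against the posted configuration. The following is an added example, not part of the original post or the customer's setup: a simplified Python model of `voice translation-rule 2` and of outbound `destination-pattern` matching, in which fixed-length patterns are assumed to beat `.T`; the function names and the sample numbers are constructed.

```python
import re

# Constructed from the gateway config posted above; matching is a simplified model.
TRANSLATION_RULE_2 = [(r"24583900", "5000"), (r"2458\(....\)", r"\1")]
# (tag, kind, destination-pattern, shutdown)
DIAL_PEERS = [(1, "pots", ".T", False), (7, "voip", ".T", True),
              (9, "voip", "3...", False), (4, "voip", "5...", False)]

def translate_called(number, rules=TRANSLATION_RULE_2):
    """Apply the first matching rule, as 'translate called 2' does on the PRI."""
    for match, replace in rules:
        # IOS writes groups as \( \) (sed style); Python uses bare parentheses.
        pattern = match.replace(r"\(", "(").replace(r"\)", ")")
        if re.search(pattern, number):
            return re.sub(pattern, replace, number, count=1)
    return number

def pattern_to_regex(dest):
    """'.' is any one digit; a trailing 'T' means any number of further digits."""
    variable = dest.endswith("T")
    body = dest[:-1] if variable else dest
    regex = "".join("[0-9*#]" if c == "." else re.escape(c) for c in body)
    return re.compile(regex + ("[0-9*#]*" if variable else "") + "$"), variable

def outbound_peer(number, peers=DIAL_PEERS):
    """Pick the active peer whose pattern matches, preferring fixed-length
    patterns with more literal digits (an approximation of IOS longest match)."""
    best = None
    for tag, kind, dest, shutdown in peers:
        regex, variable = pattern_to_regex(dest)
        if shutdown or not regex.match(number):
            continue
        score = (not variable, sum(c not in ".T" for c in dest))
        if best is None or score > best[0]:
            best = (score, tag, kind)
    return best[1:] if best else None

def trace_from_pstn(called):
    """Inbound PRI call: translate the called number, then match a dial-peer."""
    translated = translate_called(called)
    return translated, outbound_peer(translated)

if __name__ == "__main__":
    for n in ["24583900", "24583123", "24587012"]:  # constructed called numbers
        print("PSTN ->", n, trace_from_pstn(n))
    print("VoIP side -> 0015550100", outbound_peer("0015550100"))
```

In this model a translated called number with no active VoIP dial-peer, such as the 70xx range, falls through to dial-peer 1 (`.T`, POTS) and back to the PRI, and any external number arriving from the VoIP side selects the same peer.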
