Plantronics + Polycom. Now together as Poly Logo

Some kind of fraud going on.

SOLVED
Highlighted
Trusted Contributor

Some kind of fraud going on.

Bit of a general discussion but neither I or one of my long serving colleagues has ever seen anything like this before.

Corporate Customer. VSX7000e/VSX5000 & HDX8000 in 3 differenct rooms. The VSX8k & HDX8K have ISDN BRI lines attached from their PBX PRI.

Since mid-Augiust they received a £30k ISDN bill.

PBX CDRs indicate the VC kit was being called by & instructed to call primary rate numbers in Ghania, Liberia etc.

The devices are not on the corporate lan but have their own public IP addresses (no NAT).  They cannot be telnetted from "out here" nor can the web UI be accessed. V3.0.1.x is in use.

For now I've advised they turn off auto-answer, upgrade to V3.1.2 & dissable Telnet (if not already).

Anyone seen anything like this or could see how thius could be acomplished?

Pete

Message 1 of 4
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Polycom Employee & Moderator

Re: Some kind of fraud going on.

Please refer to the Polycom security web site for details on items like this.

 

www.polycom.com/security

 

There is a link to the security center on the right side of the page.

View solution in original post

Message 3 of 4
3 REPLIES 3
Highlighted
Honored Contributor

Re: Some kind of fraud going on.

I don´t know if it´s the same problem but i know some customers who had similar problems.

We found out, that someone had called the extensions number (which, in this case was on of the bri lines) and entered a standard pin to access the pbx (customer had left the default pin number unchanged). From the pbx the "hacker" programmed a call forwarding to primary rate numbers outside germany. So maybe the problem isn´t in this case the vc system but the pbx.

Check if the pbx can be accessed with a standard pin and if the pbx can be accessed from outside (modem connection or someting else).

Kind regards,
Uwe
Message 2 of 4
Highlighted
Polycom Employee & Moderator

Re: Some kind of fraud going on.

Please refer to the Polycom security web site for details on items like this.

 

www.polycom.com/security

 

There is a link to the security center on the right side of the page.

View solution in original post

Message 3 of 4
Highlighted
Trusted Contributor

Re: Some kind of fraud going on.

Thanks Uwe, Steven.  Other discussions with friends in the VoIP/SIP Service inductries also suggest that some one has "got at" the PBX & is dialing out on the ISDN numbers associated with the VC endpoint, hence the implication that it's the HDX/VSX that's doing this.  Of course, it's not.

Message 4 of 4