Bit of a general discussion but neither I or one of my long serving colleagues has ever seen anything like this before.
Corporate Customer. VSX7000e/VSX5000 & HDX8000 in 3 differenct rooms. The VSX8k & HDX8K have ISDN BRI lines attached from their PBX PRI.
Since mid-Augiust they received a £30k ISDN bill.
PBX CDRs indicate the VC kit was being called by & instructed to call primary rate numbers in Ghania, Liberia etc.
The devices are not on the corporate lan but have their own public IP addresses (no NAT). They cannot be telnetted from "out here" nor can the web UI be accessed. V3.0.1.x is in use.
For now I've advised they turn off auto-answer, upgrade to V3.1.2 & dissable Telnet (if not already).
Anyone seen anything like this or could see how thius could be acomplished?
Solved! Go to Solution.
I don´t know if it´s the same problem but i know some customers who had similar problems.
We found out, that someone had called the extensions number (which, in this case was on of the bri lines) and entered a standard pin to access the pbx (customer had left the default pin number unchanged). From the pbx the "hacker" programmed a call forwarding to primary rate numbers outside germany. So maybe the problem isn´t in this case the vc system but the pbx.
Check if the pbx can be accessed with a standard pin and if the pbx can be accessed from outside (modem connection or someting else).
Thanks Uwe, Steven. Other discussions with friends in the VoIP/SIP Service inductries also suggest that some one has "got at" the PBX & is dialing out on the ISDN numbers associated with the VC endpoint, hence the implication that it's the HDX/VSX that's doing this. Of course, it's not.