

FYI - Security vulnerability with Allworx

kellenw
Posts: 20
Joined: Tue Jun 07, 2011 1:31 pm

FYI - Security vulnerability with Allworx

Post by kellenw »

http://www.reddit.com/r/sysadmin/commen ... erability/

I recently had the same thing happen on a system as the author reports in this link. Essentially, if a SIP hacker can access the web port (80) of an Allworx phone, they are able to retrieve the phone's SIP registration info. Once the hacker combines this with the spoofed MAC address of the phone, which Allworx provides without even logging into the phone, the hacker is able to trick the Allworx server into thinking they have a legitimate and properly registered phone, has all the rights of that handset/user combination, and can place outbound calls. This is primarily a concern for those who have deployed remote phones.

Obviously, if any remote phones have been placed in a DMZ or are otherwise not protected by a firewall and accessible over the WAN, they are vulnerable to this hack. If you or the remote phone user has forwarded port 80 to the phone, it is vulnerable. It is not uncommon for users who have a remote phone at home to place their phone in their router's DMZ due to NAT issues with some home routers, and their lack of understanding of how to forward or open ports for their phones. To them, the DMZ works, so there is no reason to care otherwise.

I would strongly suggest doing a quick check of all your remote phones and making sure that port 80 is not available over the WAN on any of them. I would also recommend adding international area codes to the blocked numbers list in your system's Dialing Privileges Group (under dial plan). Many ITSPs block international calls by default, but not all of them. It might also be worth checking with your ITSPs whether they block them or have any kind of abuse protection in place.
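The "quick check" suggested above, as an added example (not from the original post or from Allworx): a small audit script that takes an inventory of remote phones and reports which ones accept a TCP connection on port 80. The phone labels and addresses are constructed placeholders; run it from a host outside your office network, because reachability from the LAN says nothing about exposure over the WAN.

```python
import socket
from typing import Dict, List

# Constructed inventory of remote phones: label -> public address at which the
# phone (or the home router in front of it) is reached from the internet.
# These are documentation-range placeholders, not real hosts.
REMOTE_PHONES: Dict[str, str] = {
    "ext-201-home": "203.0.113.10",
    "ext-202-home": "203.0.113.11",
}


def is_tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout.

    A completed handshake means the port answers from wherever this script
    runs, so execute it from outside the office network to test WAN exposure.
    Refused, filtered (timed out) and unresolvable hosts all report False.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # ConnectionRefusedError, socket.timeout, gaierror, ...
        return False


def find_exposed_phones(inventory: Dict[str, str], port: int = 80,
                        timeout: float = 2.0) -> List[str]:
    """Return the labels of phones whose web port accepts a TCP connection."""
    return [label for label, host in inventory.items()
            if is_tcp_port_open(host, port, timeout)]


if __name__ == "__main__":
    exposed = find_exposed_phones(REMOTE_PHONES)
    if exposed:
        print("Port 80 reachable from here on:", ", ".join(exposed))
    else:
        print("No remote phone in the inventory answered on port 80.")
```

A phone that shows up in the list should have the port forward or DMZ entry removed on the home router; re-run the script afterwards to confirm it no longer answers.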