Urgent!!!! Voice Gateway was hacked, thousands of L.D. calls were made

dmendoza
Level 1

I have several 2800 Voice Gateways in several regions. How can I protect my H.323 GW? These gateways have public IP addresses. Can I control or authenticate my VoIP gateways so that a rogue gateway cannot connect to my gateway and make calls?

34 Replies

I suggest you use an access list if it's from outside.

regards,

daniel

Thanks for your comments and interesting examples, but nobody has given many examples or links on how to configure a Gatekeeper with authentication with AAA using CSACS. Is it a good alternative if the majority of the gateways have public IP addresses?

Is it possible to register and authenticate H323 routers and SIP endpoints with a GK at the same time? Does Cisco GK only support H.323, or can it support SIP endpoints?

Sir,

I didn't understand that your objective was GK with ACS.

Regarding GK, based on what I know, it's just for H.323.

regards,

daniel

I found this about GK:

Gatekeeper Features

The following sections describe the main features of a gatekeeper in an H.323 network:

• Zone and Subnet Configuration

• Terminal Name Registration

• Inter-Zone Communication

• Endpoint Identification via RADIUS/TACACS+

• Accounting via RADIUS/TACACS+

• Inter-Zone Routing Using E.164 Addresses

I was wondering if someone has configured this capability:

• Endpoint Identification via RADIUS/TACACS+

Does this feature apply to users for billing purposes in an internal network, or could it be used to authenticate gateways, too?

I have a billing system but I am not authenticating gateways; my endpoints in my case are other gateways with TDM E1/T1 using other gateways, not users with only one phone.

I think this needs some clarification, because it can be a very important issue.

First, I would check out this tip:

http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_tech_note09186a00809dc487.shtml

Then, you need to understand these basics:

H323 will respond to any request on any interface on TCP port 1720 by default. This applies even if you have the bind command.

SIP will respond on any IP address on UDP/TCP 5060 by default as long as the router has a voice-port. If you bind the media address, SIP will only respond on that address.

This means, in short: even if you're running an H323-only gateway, you are still capable of bouncing incoming SIP traffic out your dial peers. It is very common to see an H323-only gateway with a .T or 9.T pots dial peer; attackers hit the public IP address, it matches an incoming voip dial peer (or dial-peer 0), and then the wildcard matches the PSTN pots wildcard dial peer.

If you have a public IP address, make sure that you disable all SIP traffic on TCP/UDP ports 5060. You can use 'show tcp' or 'show ip socket' or 'show udp' to see some of the open ports.

HTH,

Nick
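A static audit for the two conditions described in the post above, as an added example that is not part of the original thread: it scans a saved running-config for wildcard POTS dial peers (.T, 9.T) and for addressed interfaces with no inbound ACL denying TCP 1720 and TCP/UDP 5060. The sample config, the ACL name VOICE-IN, the function names and the literal form of the deny entries are assumptions, and the check is textual only (it does not evaluate ACL entry order).

```python
import re
# Constructed sample config (not from the thread); addresses are documentation ranges.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 203.0.113.10 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 ip access-group VOICE-IN in
ip access-list extended VOICE-IN
 permit tcp host 192.0.2.5 any eq 1720
 deny tcp any any eq 1720
 deny tcp any any eq 5060
 deny udp any any eq 5060
 permit ip any any
dial-peer voice 100 pots
 destination-pattern 9.T
dial-peer voice 200 pots
 destination-pattern 5551...
"""
REQUIRED = {"deny tcp any any eq 1720", "deny tcp any any eq 5060", "deny udp any any eq 5060"}

def sections(config):
    """Map each top-level config line to its indented sub-commands."""
    out, head = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and head:
            out[head].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            head = line.strip()
            out[head] = []
    return out

def wildcard_pots_peers(config):
    """Tags of POTS dial peers whose destination-pattern is .T or <digits>.T."""
    return [m.group(1) for head, body in sections(config).items()
            if (m := re.fullmatch(r"dial-peer voice (\d+) pots", head))
            and any(re.fullmatch(r"destination-pattern \d*\.T", b) for b in body)]

def unfiltered_interfaces(config):
    """Addressed interfaces with no inbound ACL denying TCP 1720 and TCP/UDP 5060."""
    secs, exposed = sections(config), []
    for head, body in secs.items():
        if head.startswith("interface ") and any(b.startswith("ip address ") for b in body):
            acl = next((b.split()[2] for b in body if re.fullmatch(r"ip access-group \S+ in", b)), None)
            rules = set(secs.get(f"ip access-list extended {acl}", []))
            if not REQUIRED <= rules:
                exposed.append(head.split()[1])
    return exposed
```

On the sample, dial peer 100 and GigabitEthernet0/0 are flagged; which flagged interfaces are actually public-facing is for the operator to decide.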