Meraki

Community

Security Attack!

khurram
Here to help
‎Apr 23 2018 11:17 PM
‎Apr 23 2018 11:17 PM

Security Attack!

One of my public IP was hacked last night kindly guide me how do i check that hackers IP and what data they have accessed and how to prevent these kind of attacks in future.

0 Kudos
5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 24 2018 12:54 AM
‎Apr 24 2018 12:54 AM

Start by saving the logs in the affected server and going through them.

Ideally you should tabs the server offline to you know how it was compromised.
0 Kudos
Adam
Kind of a big deal
‎Apr 24 2018 6:48 AM
‎Apr 24 2018 6:48 AM

Also what indication do you have that you were hacked.  Starting there is a good point.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to Adam
khurram
Here to help
‎Apr 24 2018 7:20 AM
‎Apr 24 2018 7:20 AM

i am using voip services and i haven't dial any international number but my SIP provider called and informed me that lots of international calls were made from your side in few days but i haven't dial any than how comes it possible? kindly guide me how do i check in my security appliance and how to prevent such attack in future.

0 Kudos
In response to khurram
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 24 2018 3:20 PM
‎Apr 24 2018 3:20 PM

Are you using SIP trunking (so you have a udp/5060 NATed through to your phone system) or SIP registration?

0 Kudos
In response to khurram
DHAnderson
Head in the Cloud
‎May 7 2018 3:13 PM
‎May 7 2018 3:13 PM

I had a client who was using Nextiva for their phone service.  They had a great feature where one could forward a voicemail from one user to another.  When that feature stopped working, I called Nextiva and they reported that they disabled it because it could be used to initiate calls from inside the voicemail system.

 

The hack worked by someone calling a company phone late at night and getting the users voice mail.  The hacker would use a dictionary hack to determine the pin, and then once inside the voice mail system they could make out bound calls.

 

Check with your phone provider to see if there is any way to make out bound calls from outside the system.  If there is, that may be your security hole.

Dave Anderson
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.