Security Attack!

khurram
Here to help

One of my public IPs was hacked last night. Kindly guide me on how to check the hacker's IP and what data they have accessed, and how to prevent these kinds of attacks in future.

PhilipDAth
Kind of a big deal

Start by saving the logs in the affected server and going through them.

Ideally you should take the server offline until you know how it was compromised.

Adam
Kind of a big deal

Also, what indication do you have that you were hacked? Starting there is a good point.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO

I am using VoIP services and I haven't dialed any international numbers, but my SIP provider called and informed me that lots of international calls were made from my side in a few days. I haven't dialed any, so how is that possible? Kindly guide me on how to check this in my security appliance and how to prevent such attacks in future.

PhilipDAth
Kind of a big deal

Are you using SIP trunking (so you have a udp/5060 NATed through to your phone system) or SIP registration?

I had a client who was using Nextiva for their phone service.  They had a great feature where one could forward a voicemail from one user to another.  When that feature stopped working, I called Nextiva and they reported that they disabled it because it could be used to initiate calls from inside the voicemail system.

The hack worked by someone calling a company phone late at night and getting the user's voicemail.  The hacker would use a dictionary hack to determine the PIN, and then once inside the voicemail system they could make outbound calls.

Check with your phone provider to see if there is any way to make outbound calls from outside the system.  If there is, that may be your security hole.
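
Added example (not part of any reply in this thread): one way to go through saved phone-system logs for the voicemail pattern described above, where repeated PIN failures on a mailbox are followed by a successful login and then an international call placed from voicemail. The log format, event names, thresholds and international prefixes are assumptions, and the sample lines are constructed; map them to whatever your PBX or SIP provider actually exports.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical PBX log format (no real product's).
SAMPLE_LOG = """\
2024-03-02T01:12:05 VM_LOGIN_FAIL mailbox=204
2024-03-02T01:12:09 VM_LOGIN_FAIL mailbox=204
2024-03-02T01:12:14 VM_LOGIN_FAIL mailbox=204
2024-03-02T01:12:20 VM_LOGIN_OK mailbox=204
2024-03-02T01:13:02 OUTBOUND src=voicemail:204 dst=011442079460123
2024-03-02T09:30:20 VM_LOGIN_OK mailbox=310
2024-03-02T10:05:00 OUTBOUND src=ext:310 dst=011442079460456
"""

LINE = re.compile(r"(\S+) (\w+) (.*)")
INTL_PREFIXES = ("011", "00", "+")  # assumption: adjust to your dial plan

def parse(line):
    """Return (timestamp, event, fields) or None for lines that do not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, event, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return datetime.fromisoformat(ts), event, fields

def find_voicemail_abuse(log_text, max_fails=3, window=timedelta(minutes=10)):
    """Flag mailboxes whose PIN looks guessed and international calls from voicemail."""
    fails = defaultdict(list)  # mailbox -> timestamps of failed PIN attempts
    guessed, findings = set(), []
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        ts, event, f = parsed
        if event == "VM_LOGIN_FAIL":
            fails[f["mailbox"]].append(ts)
        elif event == "VM_LOGIN_OK":
            recent = [t for t in fails[f["mailbox"]] if ts - t <= window]
            if len(recent) >= max_fails:  # success right after a burst of failures
                guessed.add(f["mailbox"])
                findings.append(("pin_guessed", f["mailbox"], ts.isoformat()))
            fails[f["mailbox"]].clear()
        elif event == "OUTBOUND" and f["src"].startswith("voicemail:"):
            box = f["src"].split(":", 1)[1]
            if f["dst"].startswith(INTL_PREFIXES):
                kind = "intl_call_after_guess" if box in guessed else "intl_call_from_voicemail"
                findings.append((kind, box, f["dst"]))
    return findings
```

Calling `find_voicemail_abuse(SAMPLE_LOG)` reports mailbox 204 twice (guessed PIN, then the international call) and ignores the daytime call from extension 310.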

Dave Anderson