Messages

1

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: January 21, 2016, 12:02:19 PM »

Hey man.  Sorry to tell you, all the files i have are the ones included here.  I have not found any others.  That being said, i believe the MinetIp5340.bin contains the EN language files as default. 

2

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: September 29, 2015, 03:44:33 PM »

Looks like the 5320 and 5330 are very similar.  Difference being the number of programmable line keys.  Possibly this firmware will work with the 5320 as well.

3

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: September 29, 2015, 11:12:47 AM »

I haven't seen anything on the 5320 as far as i can recall.  Everything i have, i uploaded here.  Best of luck to you.

4

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: May 04, 2013, 05:32:49 PM »

This is the Biggest hurdle we faced.  If you find it, please let us know.

Cheers,

Cmeilleur

5

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: May 01, 2013, 10:15:30 PM »

Ohhh, look what i found.  This is from an older release, but should get you started.  I forgot i had this.

Cheers ,

Cmeilleur

ATTATCHED

6

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: May 01, 2013, 10:11:21 PM »

Not that i can recall.  However, you can work through the values if you have access to the UI of the phone. from the phones UI, you can see the "Live" config on the phone.  This is done by browsing to :

http//IPOFYOURPHONE/download.txt

Through noting and changing values in the UI then parsing the above referenced file that is live on the phone and comparing, you can deduce what values do what.  I have used this Many times to figure out provisioning for various devices.  Is there anything you need guidance on in particular?

cmeilleur

7

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: May 01, 2013, 09:02:20 PM »

Awesome thinking man.  Keep us posted.

8

Non-Mitel Chatter / Re: SIPvicious

« on: April 11, 2013, 02:24:38 PM »

Let me make a quick correction, when i am refering to the "Username" i was actualy meaning the Peer name and the Username. 

When an endpoint registers ( trunk or otherwise) on asterisk for example, asterisk checks so see if that is the correct user / password.  IF the username is found but the password is correct, a 401 Unauthorized is sent.  If the User name is NOT found then a 404 will be sent.  The attacker now knows that that is a valid username. 

Same goes for an attack that is scanning by way of using SIP invites.   It will send an invite to the sip server using the prospected "peer name".  In this scenario the attacking script will note a difference in "Not found" and "Unauthorized"

Quite simply, stay away from dictionary names.  Change it up, use capitols and numbers.  For example, instead of "tomato" (cuz tomatoes are a super yummy friut) i would use "t0Mat0".

Cheers,

Cmeilleur

9

Non-Mitel Chatter / Re: SIPvicious

« on: April 10, 2013, 10:22:57 PM »

Ralph,

I Am comming for the Carrier side of things and we see sip viscous attatcks all the time.  Usually they are scan's done in ip netblocks all in close succession.  This is likely why you seen 1 customer with an issue and then another one shortly after.  The gateways were likely on the same subnet or rather close.  A few things we do to protect against this:

1: fail2ban on all linux servers passing sip traffic.  I get on the norm 3 emails daily of IP's that are getting blocked.
2. ALL our voice gateways (with the exception of customer VoIP ATA's and what not) are on private vlan's and ACL'd so as no traffic is allowed into or out of that vlan from the internet.  Only back to the SBC, Switch or PSTN terminatin gateway
3. Firewall on the Gateway terminating the trunk.  This will drop any packets not coming from our trunking server, and the server is set to pass traffic to the gateways IP only.
4. When Registering, ensure not only the SIP password is safe, but the Username as well.  SIPVicious in doing it's scan, will be able to tell the difference between "SIP 404" and "SIP 401"  Once it finds a username of a peer that is "unauthorised" vs "not found", it can keep hammering at it to auth, this is where fail2ban comes in.
5. Notification on ALL toll call activity out of the norm, or IP's blocked by Fail2Ban and firewall triggers.  It is essential to get this information quickly in the event there are serious issues that arise.
6. Secure mailbox passwords ( this is a must)

As far as liability goes, If it was the SIP gateway that was compromised and it is owned and maintained by the provider, then they are on the hook.  Conversely, if the trunk is secure and this was a dial in hack or "phreak", then the end user is on the hook.

I have personally never has one of our gateways or servers compromised, but have seen many customer side devices get hacked for toll fraud that were incorrectly configured.  Luckily with our monitoring in place, we mitigated the damages by either killing the destinations or halting the sip peer.

10

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: April 10, 2013, 09:32:04 PM »

For anyone els looking into this, mitelfatigue did get his phone online and working.  The problem seems to be the same with all the phones, the sip5324ttnlang_en_US.bin or the sip5340ttnlang_en_US.bin seems to be needed and missing.  this ls the language file for the UI of the phone.  Luckily between mitelfatigue and I we had a choice of French or German as we are both multilingual.    Once I set the TFTP server to a server having the given language file, firmware files and MN_Generic.cfg it was on like donkeykong.  I know it isnt ideal, but  at least it opens the web ui to those of you that can read German, French, Espanol, etc.  I cant for the life of me remember how i got the 5340's to english.  I don't have the EN files anywhere, so that means i never did.  However I do remember setting them up in French before i got them to english.

Once the phone is ONLINE and you can log into it, you can dump it's specific config file by browsing to

http://HTTP://IPOFYOURPHONE/download.txt

you can take this (it is in english) and save it to MN_MACOFTHEPHONE.cfg on your tftp.  With this you will be able to modify this file for any settings you need to put in the phone, then reboot the unit.  These settings can also be broken up into MN_Generic.cfg and MN_User.cfg.  I beleive the order of file precedence is Generic, MAC, User.  This also includes user and admin passwords, so be carefull.  The password is an MD5Hash of your actual password. you can generate a new password here:

http://www.adamek.biz/md5-generator.php

if ANYONE has access to ANY of the en_US, en_CA, en_AU files mentioned above, PLEASE send me a message.  Maybe we can get a functional download that is usable by all up here.

 Regards,
Cmeilleur

11

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: April 03, 2013, 09:48:39 AM »

The files are in ZIP archive format.  You should be able to open those on a MAC.  inside those files are the bin files for the phone.  It's not  so much that firmware is old, but rather the phone needs to download a SIP software.  After that you are gravy.  Honestly though, once i had the files on our TFTP server, i just pointed the phone and away she went.  Checking the TFTP logs to see where it is failing is a good start.

If you want to PM me privately i can take a look at what you are working with.

12

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: April 03, 2013, 09:13:05 AM »

mitelfatigue, Do you get the basic web ui on the phone asking for tftp server and language selection?  If so, i think you just need the files I posted on 4shared on a tfto server and that should do it for you.

13

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: January 10, 2013, 02:04:49 PM »

Wow, it's been a While, but as far as remember, the phone had just a BASIC web interface that was looking for a language selection anf tftp server address.  once i had put thte files on my tftp, it grabbed em and i was good to go.  I'd love to be acly to help further, but it slips my mind.  I do still have the generic and specific configs.  if you'd like i can negate my custom calues in them so you can have a look as to what I used.

14

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: January 10, 2013, 01:07:57 PM »

i dont see the en_us file in there, but i think it only needs the additional language files to change the language from default.  .  It seems to be the file structure for the 5330/5340 and the 5312 / 5324 are similar, and neither of them include that file.  The only files i have are the ones linked to above on 4shared.

15

SIP On Mitel / Re: 5330 Handsets and SIP configuration

« on: October 15, 2012, 08:22:08 PM »

I still have the Files locally if you'd like i can upload them.