Mitel 3300 and Security Scans

[ralph]

We had another case today of someone running a security scan against the 3300 causing all of the phones to reset.
Has anyone else had to deal with this?

Ralph

[VinceWhirlwind]

Is this via an external-facing SIP trunk?

[ralph]

Internal scan.  It was a security audit of the network.

Ralph

[acejavelin]

Yeah, more than once... IHS (Indian Health Services) seems to have a particularly nasty scanning tool that causes this. We were able to get them to exclude the MCD's IP address and the problem went away at several sites.

[VinceWhirlwind]

OK, well if that was happening to me I would do this:
1/ Create an access list on the Controller's LAN switch that filters to just the Controller's IP addresses and logs every hit.
2/ After a week of this, I would examine those logs and create an access list on the switch that locked communications right down to what it uses.
It would look something like this:
Controller-->Phone Subnet : UDP 68(only if you use the controller for DHCP)
                                              UDP 50000-50511,
                                              (Maybe UDP 0-65535)
Phone Subnet-->Controller : UDP 67(only if you use the controller for DHCP)
                                              UDP 69
                                              UDP 20001
                                              UDP 50000-50511
                                              (Maybe UDP 0-65535)
                                              TCP 80,443,3998,3999,6800,6801,6802

[Hawaii5O]

I am facing a similar problem.  Are you referring to the 3300s layer 2 built in switch or the Switch that the controller uplinks to?  We have an HP 24port switch in between the voice equipment and the customers LAN.  Should aI create the Access list on the HP 24port switch?

[Dogbreath]

The CXi switch doesn't support ACLs so it would need to be on an external switch.