Author Topic: 3300 remote access  (Read 2287 times)

Offline nMitel

  • Full Member
  • ***
  • Posts: 102
  • Country: ca
  • Karma: +1/-0
    • View Profile
3300 remote access
« on: March 19, 2018, 11:24:44 AM »
Hi,

 I'm wondering if there is a way for me to call my 3300 system from and get access that will allow me to place calls that I don't want to place from the outside number I'm calling from?

Thanks
« Last Edit: March 19, 2018, 11:31:50 AM by nMitel »


Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4100
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: 3300 remote access
« Reply #1 on: March 19, 2018, 12:07:15 PM »
Do you mean DISA service? Sure, but it is a very dangerous option that is often exploited for toll fraud, most security guides recommend disabling it entirely.

Better to use a softphone or something similar...

Offline nMitel

  • Full Member
  • ***
  • Posts: 102
  • Country: ca
  • Karma: +1/-0
    • View Profile
Re: 3300 remote access
« Reply #2 on: March 19, 2018, 02:01:53 PM »
acejavelin, The reason I'm asking is that I believe, my system was hacked and multiple international calls were made from it I check the DISA setting to see if it was used to hack the system but it's not enabled. what got my attention is on one of the extension's voicemail box settings "Operator Extension (0)" field was changed to the international number that was called from my system but im still not sure how could the hacker change it and how did he use it to place the calls, any idea?

Offline PC77375

  • Full Member
  • ***
  • Posts: 191
  • Country: us
  • Karma: +6/-0
    • View Profile
Re: 3300 remote access
« Reply #3 on: March 19, 2018, 03:26:55 PM »
Is this a Nupoint or an Embedded voicemail implementation?

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4100
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: 3300 remote access
« Reply #4 on: March 19, 2018, 03:32:02 PM »
Voicemail is a very common access point for hackers... There are guidelines on Mitel's website for security like password restrictions, but the best thing is to use ARS properly on all the ports, whether NuPoint or Embedded.
« Last Edit: March 19, 2018, 03:35:46 PM by acejavelin »

Offline ZuluAlpha

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 693
  • Country: us
  • Karma: +17/-0
    • View Profile
Re: 3300 remote access
« Reply #5 on: March 20, 2018, 10:18:41 AM »
acejavelin, The reason I'm asking is that I believe, my system was hacked and multiple international calls were made from it I check the DISA setting to see if it was used to hack the system but it's not enabled. what got my attention is on one of the extension's voicemail box settings "Operator Extension (0)" field was changed to the international number that was called from my system but im still not sure how could the hacker change it and how did he use it to place the calls, any idea?

If your embedded administrator mailbox has a default or common passcode attached to it, these changes can be made by calling in, selecting the admin mailbox, and modifying as desired.

Offline nMitel

  • Full Member
  • ***
  • Posts: 102
  • Country: ca
  • Karma: +1/-0
    • View Profile
Re: 3300 remote access
« Reply #6 on: March 21, 2018, 09:56:41 AM »
Thank you all for your inputs. I made sure that admin mailbox and all voicemail boxes have unique passcodes after the incident. I will have to keep an eye on the system and I will figure it out.

Thank you everyone.

Offline x-man

  • Hero Member
  • *****
  • Posts: 1129
  • Country: gb
  • Karma: +25/-0
    • View Profile
Re: 3300 remote access
« Reply #7 on: March 21, 2018, 10:29:00 AM »
Also use the three attempts and lockout for 15 minutes for invalid attempts to guess /scripted attack on VM passwords.


 

Sitemap 1 2 3 4 5 6 7 8 9 10