Mitel Forums - The Unofficial Source
Mitel Forums => Mitel MiVoice Business/MCD/3300 => Topic started by: nMitel on March 19, 2018, 11:24:44 AM
-
Hi,
I'm wondering if there is a way for me to call my 3300 system from and get access that will allow me to place calls that I don't want to place from the outside number I'm calling from?
Thanks
-
Do you mean DISA service? Sure, but it is a very dangerous option that is often exploited for toll fraud, most security guides recommend disabling it entirely.
Better to use a softphone or something similar...
-
acejavelin, The reason I'm asking is that I believe, my system was hacked and multiple international calls were made from it I check the DISA setting to see if it was used to hack the system but it's not enabled. what got my attention is on one of the extension's voicemail box settings "Operator Extension (0)" field was changed to the international number that was called from my system but im still not sure how could the hacker change it and how did he use it to place the calls, any idea?
-
Is this a Nupoint or an Embedded voicemail implementation?
-
Voicemail is a very common access point for hackers... There are guidelines on Mitel's website for security like password restrictions, but the best thing is to use ARS properly on all the ports, whether NuPoint or Embedded.
-
acejavelin, The reason I'm asking is that I believe, my system was hacked and multiple international calls were made from it I check the DISA setting to see if it was used to hack the system but it's not enabled. what got my attention is on one of the extension's voicemail box settings "Operator Extension (0)" field was changed to the international number that was called from my system but im still not sure how could the hacker change it and how did he use it to place the calls, any idea?
If your embedded administrator mailbox has a default or common passcode attached to it, these changes can be made by calling in, selecting the admin mailbox, and modifying as desired.
-
Thank you all for your inputs. I made sure that admin mailbox and all voicemail boxes have unique passcodes after the incident. I will have to keep an eye on the system and I will figure it out.
Thank you everyone.
-
Also use the three attempts and lockout for 15 minutes for invalid attempts to guess /scripted attack on VM passwords.