|
|
Joined: Nov 2009
Posts: 602
Samsung Moderator
|
Samsung Moderator
Joined: Nov 2009
Posts: 602 |
They are very persistent. You should lock down the ports for IT Tool/DM immediately for 2 reasons, 1- there's a backdoor password that you have no control over. 2- if they hammer port 5090 it locks your system up (i just had this happen last week). Even worse if you have 23 open to the system for File control that password is always default and you cannot change it.
|
|
|
Visit Atcom to get started with your new business VoIP phone system ASAP
Turn up is quick, painless, and can often be done same day.
Let us show you how to do VoIP right, resulting in crystal clear call quality and easy-to-use features that make everyone happy!
Proudly serving Canada from coast to coast.
|
|
|
Joined: Jun 2006
Posts: 3,004 Likes: 4
Moderator-Samsung
|
Moderator-Samsung
Joined: Jun 2006
Posts: 3,004 Likes: 4 |
Change you SIP extension port in sip stack/ext/trunk options to something other then default and change the port forward in your router accordingly as well.
I had todo this as a couple of months ago they were hammering port 5060 with a asterix hack tool to try to get in and it locked up the sip stack requiring a reboot of the system and router.
|
|
|
|
Joined: Jul 2009
Posts: 157
Member
|
Member
Joined: Jul 2009
Posts: 157 |
Steve - is there a set range to the ports that can be used for SIP extensions? I havent tried going down the range (only just thought of that whilst writing this...) but when going up I can not get it to log in with anything past 5063? I have made sure ports in the modem are forwarded each time and set the same new port in SIP extension TCP port and SIP extension signal port, but anything above that just refuses to connect.
Haven't tried running any traces though, since the remote SIP client is my mobile and was doing this from home! Also means I cant lock the modem down to a set IP as the SIP client is my mobile phone which can connect from any IP the carrier gives me, or any WiFi network I connect to.
Cheers, Dave. Eco Communications Selling and installing Ericsson BP150/50/250 from 1996 to 2005 Samsung selling and installing since 2000 Toshiba selling and installing since 2004 Microsoft NT and SQL certified (10 years ago...)
|
|
|
|
Joined: Dec 2001
Posts: 232
Member
|
Member
Joined: Dec 2001
Posts: 232 |
You guys have my Full attention. Where's the popcorn. I'm shutting down ports now. Didn't realize some of these security issues. Is there a clearly defined list of ports used for each purpose on Samsung? Offline of course. TIA
|
|
|
|
Joined: Jul 2009
Posts: 157
Member
|
Member
Joined: Jul 2009
Posts: 157 |
This still works OK for incoming calls? Also, I changed ports on the SIP extensions as per above and could no longer get SIP trunks to register!! Had to change it back to what it was. Will try fiddling again today if I get time. I don't forward 5060 anymore, just use the "alive notify - options" setting in sip carrier options, and set it to a low value and it works with the need for 5060 for trunks.
The extensions i change the port from default
Cheers, Dave. Eco Communications Selling and installing Ericsson BP150/50/250 from 1996 to 2005 Samsung selling and installing since 2000 Toshiba selling and installing since 2004 Microsoft NT and SQL certified (10 years ago...)
|
|
|
|
Joined: Mar 2012
Posts: 140
Member
|
Member
Joined: Mar 2012
Posts: 140 |
Same happened in our office a few days ago! Somebody loged in via Non Samsung SIP client/phone and made lots of calls to Haiti! We'll really have to pay max attention.
|
|
|
|
Joined: Jun 2006
Posts: 3,004 Likes: 4
Moderator-Samsung
|
Moderator-Samsung
Joined: Jun 2006
Posts: 3,004 Likes: 4 |
Dave - I'll send you screen shots of my sip carrer and trunk/ext screens from my system (OS7200 MP20 4.60b). *edit* and my router port forwards *edit*
The 4.60b OS7030 files have been avail since release, they just haven't been shipping with them, though i got an email today saying all ones sent from today will come pre-loaded with 4.60b.
It's cause they don't want to unpack them, upgrade them and pack them up again that we don't get them with the new version at release.
They just change the files on the SD card for all the other systems.
Last edited by nameless; 09/19/12 06:37 AM.
|
|
|
|
Joined: Nov 2009
Posts: 602
Samsung Moderator
|
Samsung Moderator
Joined: Nov 2009
Posts: 602 |
I just block out entire regions (pretty much anything outside of the US such as all APNIC). Use this site to get the ranges you can block and where they are https://www.ipdeny.com/ipblocks/ Depending on your router version you can find premade config files just for this usually for cisco equip. If your really lucky and have a Linux firewall you can install software to block out specific countries and it updates the IP's for you Either way i would focus on Eastern Europe and most of Asia.
Last edited by Genesiscomm; 09/19/12 02:36 PM.
|
|
|
|
Joined: Jul 2009
Posts: 157
Member
|
Member
Joined: Jul 2009
Posts: 157 |
Na, cant get the system to fire up on SIP if I change the extension ports or activate Alive Notify - very weird. Will try again once we get our SIP account changed back from individual user accounts shortly.
I like the idea of the IP blocks - will look into that one as I have a couple of sites left I cant get access to the remote phones to reprogram anything.
Cheers, Dave. Eco Communications Selling and installing Ericsson BP150/50/250 from 1996 to 2005 Samsung selling and installing since 2000 Toshiba selling and installing since 2004 Microsoft NT and SQL certified (10 years ago...)
|
|
|
Forums84
Topics94,512
Posts639,933
Members49,844
|
Most Online5,661 May 23rd, 2018
|
|
0 members (),
114
guests, and
34
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|
|