UCM6102 - 25 THOUSAND attempted calls within the last 24 hours


#1

Yup, that is not a typo. I have TWENTY FIVE THOUSAND attempted outbound calls in the last 24 hours from hackers. This is going on for way to long. Does this company have a solution to keep people out of our phone systems? The last I contacted support it was “do a software upgrade” which I did and that did nothing.

Anyone??? I am disgusted with the lack of security or solutions.


#2

you don’t have to look for the problem on UCM, Grandstream mica can create a doc protection for each location.
You have to check the firewall that is the only tool that can do this, you must have created the appropriate NAT (and no unnecessary NAT) but especially in ACL, if you open a door to the world what you have is the result.
UCM is just a user, you have to send him information only from trusted IP and not from anyone.
So don’t get angry with UCM, but ask those who haven’t created the right firewall rules.

second thing you have to create complex pswd and auth id, example:
user -> 201
auth id -> 201etyu
pswd -> aiJASJAN89@

if you leave user equal to auth id it means that “hackers” will already have 2 out of 3 settings in their hands. I hope I made myself understood.

I read and see too many installers that activate voip servers (of any brand) from customers without even thinking about security speech.
First of all we think about security, then about HW and only then we set up a quote to the customer.
There is a fundamental thing that the installer often forgets, if the customer suffers an economic damage, he can claim against the installer and ask for damages if the latter has not set up the various security protections, the consequences are well imaginable.


#3

Please consider the Telephone system as nothing more than that and place a good internet firewall in front of the telephone system. Only open up the ports to or from the Voice Supplier to the telephone system to prevent attacks…

If you rely on the telephone system to become the office firewall then the trade off’s might be call quality performance or even the telephone extensions / trunk being hacked and a costly telephone bill.


#4

Thanks guys. I thought by plugging the UCM6102 into the router, that was the firewall. I guess I was told incorrectly. This firewall you guys speak of, is this a hardware firewall or software?


#5

A firewall like a Fortinet, Cisco, Meraki, Ubiquiti, Juniper, pfSense, Netgate, SonicWall, Watchguard and more.

Often hardware for best optimisation but some software solutions exist like pfSense.


#6

This is a home based business where I have the phone setup in the home office. I have the internet/ tv/ phone service through a company called cablevision and plugged the UCM6102 into the netgear router. The netgear router is then plugged into cablevisions box.

Sounds like this is not providing the security I was told it would.


#7

The netgear router needs to be configured to be efficient. It probably has a basic firewall built-in tho.


#8

Thanks! So I assume that firewall is not sufficient and something like this https://www.amazon.com/dp/B00UV073AE/ref=sspa_dk_detail_0?psc=1&pd_rd_i=B00UV073AE is what I need to plug the UCM6102 into?


#9

you have to choose a firewall that correctly supports VoIP, not all of them give you guarantees of operation.
I recommend a Draytek (for example the Vigor2862, depending on your connectivity) that incorporates in a single hardware both router (modem) and firewall.
Obviously any Firewall that you implement if it is not set correctly will only serve as a water heater :slight_smile:

This is a professional tool, obviously like all firewalls if you don’t know it don’t install it certainly plug-and-play


Looking for install help UMC 6108
#10

Thanks very much. The mystery is finally solved. Thanks guys!


#11

Id suggest to use something like a Mikrotik RB952 would be plenty …not too costly just needs to be set up

Amazon have them in the USA for around $40 + plenty of good scripts to make it work well… and if you get stuck there are many tech resources out there to assist…


#12

The router model that damiano suggested is not the best for the US market. It is a VDSL model, which is great, but not for Comcast or other cablemodems.

What you seek is a router that is not for residential use. These tend to focus on streaming and wi-fi, but do not have a firewall that is robust enough to accommodate rules that will selectively allow you to manage who can and cannot get thru.

I use primarly Draytek in the US as well as some Mikrotik, Ubiquiti and until recently, some limited GWN7000.

The Mikrotik is perhaps the most flexible device on the market and at very favorable price points. However, it can be a challenge to setup for many. It is not your traditional come in a box with a manual or CD with a pretty GUI that is natively intuitive to most. As stated, it can be manipulated in about known manner known to man, but getting the correct info from the WIKI and user forums can be an experience. If you like to tinker and feel comfortable in experimenting, then go for it.

The ASA you have picked out, may be a little pricey for a SOHO, but nothing wrong with it and as the saying goes…,.,nobody ever got fired for picking Cisco. It may require some type of subscription for the threat protection.

You will need to contact Comcast once the router is installed so that they can bridge the WAN. This effectively removes their firewall and allows yours to manage the Internet connection. You will also want them ti disable any ALG functions, especially SIP. Keep in mind that it is an unknown if the Comcast device is also providing Wi-Fi and if so, you will want to find a router than can do so as well.


#13

I wrote Draytek Vigor 2862, it was just an example, I certainly can not know what connectivity you have, you’ll have to look for the appropriate Draytek model.
That said the 2862 model is VDSL, but it also has 2 WAN and supports LTE, so it’s complete. It also has a valid Firewall (superior to many other vendors).
In an Office up to 30 PCs is ideal.
I don’t see the problem.


#14

There is nothing wrong per se, in that the router will indeed work. However, for a SOHO office using a broadband connection from a cablemodem, the 2133Ac or even 2912N might be more cost efficient models depending on NAT throughput needs. In essence, he would be paying for a VDSL connection that he can’t use.


#15

throughput up to 400 Mbps, more than enough in 99% of small and medium enterprises :slight_smile: