Well, we haven't talked to Cisco about this. Somehow, and we aren't sure how, someone got the password to a Unity mailbox that was never assigned to a person (for administrative use only) and should have been locked. Once they had this, they could simply dial into any voice mailbox, opt out to the main menu, log in as the compromised mailbox, and then transfer themselves out to wherever they wanted to call.
We have stopped this by A) locking and changing the extension of the compromised mailbox, B) forcing password changes on all mailboxes, C) implementing the class of service feature so that Unity will not allow transfers to international numbers and D) creating and assigning a calling search space to the VM route points so they cannot call out internationally (redundant, I know, but the Unity system was compromised). We also changed all admin passwords. The troubling thing is we don't know how the password was leaked in the first place. There is no sign of a dictionary attack in Unity. It is possible that this was internal, but we don't know. We are still looking and if we find a smoking gun, I'll let you know.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48418&t=48352

