This time it was H.323 on a Cisco CallManager which was exploited in some way. My personal guess is just bad configuration, but maybe there is a bug in it as well.

From a mailing list:
A company we work closely with, but is not our customer, had their Cisco
Call Manager hacked due to some h.323 vulnerability that I don’t have
full details on yet. There were a number of calls placed to:
881835211540
881835211556
881835211547
My findings indicate these are Globalstar satellite numbers that cost
somewhere between $4 and $7/minute to call, depending on carrier. The
victim’s carrier is billing them at $6.50. The total bill for the event
is around $13k. This is a small company that can’t really afford this.
If I had a small company and connected to a carrier, I would demand credit limits. It is the same reason I would not have a 1 million credit limit on my credit cards. Check with your VoIP carrier that it has effective credit limits!
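
To make the credit-limit advice concrete, here is an added example (not from the original post or from any carrier's system) that replays call detail records against a per-account spending cap. The CDR layout, the account names, the dialed numbers, the default rate, the $500 cap and per-minute rounding are all assumptions; only the 8818 prefix and the $6.50/minute rate come from the quoted message.

```python
import csv
import io
from collections import defaultdict

RATES = {"8818": 6.50}   # USD/min; prefix and rate as reported in the quoted message
DEFAULT_RATE = 0.02      # assumed rate for all other destinations
CREDIT_LIMIT = 500.00    # assumed per-account cap in USD

# Constructed sample CDRs: account, start time, dialed number, duration in seconds
SAMPLE_CDR = """account,start,dialed,seconds
acme,2024-01-06T01:00:00,881800000001,3600
acme,2024-01-06T02:05:00,881800000002,3600
acme,2024-01-06T03:10:00,881800000003,3600
acme,2024-01-06T09:00:00,15555550100,300
globex,2024-01-06T09:30:00,15555550101,600
"""

def rate_for(dialed):
    """Longest-prefix match of the dialed number against the rate table."""
    digits = dialed.lstrip("+")
    for n in range(len(digits), 0, -1):
        if digits[:n] in RATES:
            return RATES[digits[:n]]
    return DEFAULT_RATE

def call_cost(dialed, seconds):
    """Cost in USD, billing whole minutes rounded up (assumed increment)."""
    minutes = -(-int(seconds) // 60)
    return round(minutes * rate_for(dialed), 2)

def apply_credit_limit(cdr_text, limit=CREDIT_LIMIT):
    """Replay calls in time order; refuse new calls once an account reaches its cap."""
    spent = defaultdict(float)
    blocked = defaultdict(list)
    rows = sorted(csv.DictReader(io.StringIO(cdr_text)), key=lambda r: r["start"])
    for r in rows:
        if spent[r["account"]] >= limit:
            blocked[r["account"]].append(r["dialed"])
            continue
        spent[r["account"]] += call_cost(r["dialed"], r["seconds"])
    return dict(spent), dict(blocked)

if __name__ == "__main__":
    spent, blocked = apply_credit_limit(SAMPLE_CDR)
    for acct, total in spent.items():
        print(f"{acct}: billed ${total:.2f}, blocked {len(blocked.get(acct, []))} call(s)")
```

Because the cap is checked only at call setup, the second satellite call in the sample still completes and the account ends at $780 against a $500 limit; an effective limit also has to cut off calls in progress or cap call duration.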