Leaderboard


Popular Content

Showing content with the highest reputation since 03/20/2018 in all areas

  1. 1 point
    It's a very low hanging fruit in terms of exploits; any random script kiddie bot that happens upon it is going to have a hell of a good day. Given how frequently ISP modems are compromised now (for example, one of the Actiontecs where a remote administration interface is permanently stuck on 4567 or 7654 or whatever; I've seen people with these get free, grimly successful security audits) and how little of a say users are able to have in securing them, if you have a minimal, "the ISP just gave me this modem so I hook stuff up to it" configuration, I wouldn't put Audix anywhere near the internet. If you don't want to use a dial-up modem to administer it, you could always use a KVM or something; I'd recommend this more than an isolated ethernet network simply because Audix is designed to use an old version of Netscape to access the web UI from itself. The system runs very old SSL certificates, wants you to execute very old Java applications, and wants you to use a very outdated SSH session to administer it. Security aside, you're going to have trouble finding browsers that want to deal with that. And then you'll have to configure Java to actually execute the administration program it feeds you, unless you can figure out what it's supposed to be running. If I remember right, the Avaya Java SSH thing runs 'exec Fc' after it logs in to access the administration program. Given both the obscurity and how the C-LAN card runs a functionally independent OS (an old build of VxWorks) from the switch, the Definity shouldn't be any trouble so long as you're okay with telnet. I'd still recommend using a modern Linux system with SSH and running the system with minicom. Or a dial-up modem, just because I'm that sort of person. I've detailed in this thread how the VT220 mode can be used with an off the shelf terminal. There are however, undocumented TCP ports open on the card. I doubt your average automated Chinese script kiddie scanner is going to pose a threat to it, but use your own best judgement on that. You're in the wrong place if you think some horrendously bootleg mismatch of hardware running Audix is some sort of hallowed Avaya prayer ground. Or certainly if you don't want to get creative and dirty up your install. Encouraging anyone not to touch it goes completely against everything the hacking spirit stands for, and certainly the spirit of the effort on this thread to turn paperweights into powerful systems again. That being said, if you're going to stick your head in the sand to the tune of a 16-year old Linux kernel, proprietary or otherwise, any very cursory nmap scan will give a very good idea of it's age to someone else. Perhaps you weren't paying attention when it was shown that the license file on these cards is encrypted using DES. With keys that're clearly sitting in the header files that we have no less. Or that the system has absolutely no RAM protection, allows you to read and write to any address you please freely as a higher level user, that we have init access on these releases, and that we know the RAM addresses where the ASG keys sit on the switch. It's certainly an annoyance, I'll grant you. Nobody has approached me offering to help sstep the pam process on the Definity while the license file is being read, and for that reason, my motivation on more computer-oriented projects has been more to wrangle up Dialogic cards into doing sketchy things like scanning. Someday it'll make me really happy to unlock my release 11 Definity card, and certainly help everyone else do the same. For the moment though, most functionality on it works fine, and until I see more initiative to collaborate on this, I don't especially feel like trudging through pages of MIPS instructions. What sort of hardware architecture the system runs on is inconsequential to the licensing routine. You've been repeating lines like this without providing any source or supporting evidence other than friends at Avaya, who're imaginary for all we know. Either you're some sort of Definity troll, or don't know what you're talking about.
  2. 1 point
    800-940-0538 - "Welcome to Medscribe. Please enter your ID number, followed by the pound sign." 800-940-0588 - IVR, "Welcome to the Groupcast message distribution center. Please enter your pin followed by the pound sign" 805-544-0015 - University elevator? Try pressing buttons. 800-829-0314 - 711 number 512-328-5987 - Thingie on analog line w/WEIRD sounding tones 800-829-0129 - Weird Allstate test IVR, wants working DNIS to do anything interesting
  3. -3 points
    I didn't come here to be verbally abused by some knowitall to someone whose not as smart as you. Please treat others with respect and not bash people like on your last 'graph. Have a good life.