2019/07/19

VCS Expressway high CPU problem and security issue

Hello!



for several months, I had strange problem for VCS-Expressway.

It was really strange for me, because after upgrading software version X8.2.1.

VCS-Expressway works well it's call signaling and traversal server, but I could not access it's web management page.

even some times could access web management, but one or two days after, It's really slow too connect to manage.

Just after rebooting, changing some options and staying was all that I could do.

so, I had upgrade or downgrade software X8.x.x version, but nothing was better than before.

anyway times going, last month(30/apr/2015), released new version software.

after upgrading the new version software(X8.5.2), the problem was gone!

It's VCS software bug. as cisco bug search tool, they said that It's high CPU/Memory resource problem.

the bug# is CSCup83131(https://tools.cisco.com/bugsearch/bug/CSCup83131)

You should upgrade X8.5.2 now. if not, stay past version X7.x.x software.




and recently someone changed VCS root password.

of course I have fault that did not changed default root password.

after changing root password, I have denied ssh access for ethernet port.

maybe it's best option for VCS Expressway security.

anyway, I recommand changing default root password strongly.

root password could change in one minute after rebooting.

please refer below to change ssh option.

====================================================================================

vcse login: root
Password: TANDBERG

Last login: Thu May  7 10:39:22 KST 2015 on ttyS0
~ #
~ # rootaccess --display
ssh on
telnet off
~ #
~ # rootaccess --help
Usage: rootaccess [options]

Options:
  -s, --ssh [on|off]            turn ssh access on or off
  -t, --telnet [on|off]         turn telnet access on or off
  -d, --display                 display current access levels
  -v, --version                 show version
  -?, --help                    show this help
~ #
~ # rootaccess --ssh off

====================================================================================



in addition to, nowadays strange caller "cisco" is sending call signal to VCS.
I think it's H.323 scaner or hacking tools. every 10 minutes try again.
to deny this stranger, using CPL regex and restrict interworking option will be proper solution.




Good luck!


at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)