Showing results for 
Search instead for 
Did you mean: 
Create Post

Attack of the Rogue Vonage Routers

Attack of the Rogue Vonage Routers

So the company I worked for a few years ago decided to move their office to a different location. Being the IT specialist, I was responsible for getting everything shut-down, moved, and reinstalled at the new office. It was actually not a bad move since my company was small, about 35 employees.

Everything was fine except for a strange symptom that immediately began to hit my support que. Our VOIP phones had a weird delay when our phone agents were pressing the number buttons on the phone to dial out. They had to dial extra slow to make sure each button press registered. It was irritating, but they could still work. It was just slowing them down and that meant slower income, Bah!!

Where do I start? No problems at the previous office and now this nagging problem that I have never heard of before. Nothing steered me to any network issue since only the dialing was affected. The phone quality was good! I updated phone firmware, went through hours of troubleshooting on our PBX server. Contacted support for our phones and also contacted our VOIP trunk provider.

We could not pinpoint the issue, but the phone support guy said something before I got off the phone that I am glad I listened to. He said “Check the network, you never know. Everything else seems good.” So, I pulled up NPM and took a look. Sure enough, something did look out of place. There were 5 odd IPs that were eating up a good portion of the bandwidth. It didn’t seem like enough to cause problems, but I had to see what these devices were.

PING –a returned no DNS result, so I tried just browsing to the addresses with an internet browser. “Vonage” popped up on the screen with a login prompt. Vonage, what? We stopped using Vonage a couple of years ago and ported all of the phone numbers to our VOIP trunk provider. Once I saw that, I knew just what these were and where they were located. These routers were just plugged in to our switch and weren’t doing anything phone-wise, so I just disconnected them.

Problem solved. I’m not sure what the routers were doing, because I never reconnected them to try and find out. They were placed upon my office shelf as a reminder of the attack. I was the hero after that, especially to the phone agents. I did not mention that the whole issue was my fault of course. Those routers were not connected at our old office and for some reason; I thought they needed to be connected at the new office.

IT hero to the rescue! I’m on my way to fix all of the problems I have caused!


A fun reminder that troubleshooting can improve when it begins with the basics, with all assumptions off the table.

Level 10

You are so right. It was a good learning experience. That was the point I realized that, especially with the VOIP phones, everything can be impacted by the network, sometimes in the most unusual ways.