Possible Toll Fraud - Cisco 3745 H323 Gateway with 2 x ISDN PRI Lines

Unanswered Question
Mar 7th, 2007
User Badges:

A strange thing is happening to one of the ISDN PRI Line. This problem is not happening on the other ISDN PRI line.


This router has 2 ISDNs - PRI 30 channels from Carrier 1 and 20 Channels from carrier 2.


I have done a test during my investigation.


When I turn on the ISDN - PRI line from Carrier 2, it automatically dials itself to many different countries. When I turn it Off, things are fine.


I have shut the PRI- ISDN from Carrier 2 now to prevent massive phone bill, so the users will have to depend on Carrier 1's ISDN PRI for the time being. I have checked all of the configuration.


In addition to show tech, I have posted another file called Investigation Monitoring with some debug outputs.


0011 is the International Country Code to dial out of Australia to any other country.


Open the Investigation Monitoring with wordpad.




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
paolo bevilacqua Thu, 03/08/2007 - 08:31
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi,


I didn't opened the whole "show tech", as the questions is simply, can this router be reached from the internet? If so it possible that someone is exploiting it from outside.

So if you want to continue investigation you could enable "debug ccapi" to see from where the call is being placed, else simply use access-list to block external H.323 and SIP connections to the router.

astanislaus Thu, 03/08/2007 - 15:15
User Badges:

Hello Bevilacqua,


Thanks for your help. Will try.


Regards

Alphonse

Actions

This Discussion