CME Intrusion

Answered Question
Aug 18th, 2008
User Badges:

I have a CME directly connected to the Internet. And i found out that someone is using my ISDN access to make calls. Who can i block outgoing calls that are not from registered phones?

Correct Answer by Marwan ALshawi about 8 years 11 months ago

good luck


Please, if helpful Rate

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (4 ratings)
Loading.
Marwan ALshawi Mon, 08/18/2008 - 06:01
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

u can make restrection on the dial-peers and who is allwed to dial out or in with CME by using a nice feature called COR List


for detailed instructions see the following link:


http://www.cisco.com/en/US/tech/tk652/tk90/technologies_configuration_example09186a008019d649.shtml


good luck


please, if helpful Rate

jjgoncalves Mon, 08/18/2008 - 06:15
User Badges:

Thanks for your help.

But i already have a corlist working. My question is if someone has some kind of softphone that is not configured on the CME, how can i be sure that he can not make the call.

Only the registered phones should be able to do so.

Marwan ALshawi Mon, 08/18/2008 - 06:23
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

look at the following prevous issue which is similer but not same as urs


i am sure will be useful


the idea is to block all calls in all times and make exmptions to the phones registered with ur CME so only the phones u configre will be allowed to make calls


http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&topicID=.ee6c829&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc17c28/5#selected_message


please, if helpful Rate

jjgoncalves Mon, 08/18/2008 - 08:20
User Badges:

Thanks for your help.

I believe that was what the answer.


Best regards

Correct Answer
Marwan ALshawi Mon, 08/18/2008 - 16:27
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

good luck


Please, if helpful Rate

Arthur Kant Mon, 08/18/2008 - 08:46
User Badges:

Am I naive in thinking that using the IOS firewall feature set in your CME router connected to the Internet would prevent this from happening?

jjgoncalves Mon, 08/25/2008 - 07:05
User Badges:

I think that could do the trick.

The funny think is that i don't understand how they can make the call!


*Aug 25 12:18:06: //19899/xxxxxxxxxxxx/CCAPI/cc_api_caps_ind:

Call Entry Is Not Found

*Aug 25 12:18:06: //-1/E9D8D7E61217/CCAPI/cc_api_display_ie_subfields:

cc_api_call_setup_ind_common:

cisco-username=xxxxxxxxxxxx

----- ccCallInfo IE subfields -----

cisco-ani=xxxxxxxxxxxx

cisco-anitype=0

cisco-aniplan=0

cisco-anipi=0

cisco-anisi=0

dest=zzzzzzzzzzzzz

cisco-desttype=0

cisco-destplan=0

cisco-rdie=FFFFFFFF

cisco-rdn=

cisco-rdntype=0

cisco-rdnplan=0

cisco-rdnpi=-1

cisco-rdnsi=-1

cisco-redirectreason=-1 fwd_final_type =0

final_redirectNumber =

hunt_group_timeout =0


This is the first time this has happen to me.

I think that they are using a PC to make the outbound call.

rcordeiro Wed, 08/11/2010 - 04:29
User Badges:

Hi,


Did you ever solved this issue?


I think I'm having the same issue. I have a UC500 that started to make calls I don't know where they came from.

All calls have a calling number=0000 and they dial numbers around the world.


It seems the UC500 starts the calls itself...


Regards

paolo bevilacqua Wed, 08/11/2010 - 04:57
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

You likely have CME exposed to the internet, they call via SIP or more rarely H.323.


Generally, this is easily addressed with an access-list.

rcordeiro Wed, 08/11/2010 - 05:01
User Badges:

Hi,


Thanks for your reply.


I got some more info on this with some debugs, and now have "asterisk" as a Call Name.


The UC500 does have a public IP address. Does it receive and accept SIP calls on this public interface without any config? It's just a Dialer with pppoe.


Regards

rcordeiro Wed, 08/11/2010 - 05:30
User Badges:

How can I achieve this with early firmware version? I have 15.0.1XA on a UC520.

Or where can I get 15.1.2 IOS, in the software page I only have 12.4.


Many thanks

paolo bevilacqua Wed, 08/11/2010 - 05:34
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Enter "toll fraud" in cisco.com search box, and read relevant documents.

rcordeiro Wed, 08/11/2010 - 06:19
User Badges:

Sorry to bother again,


Do you know if there's already a 15.1.2T version for the UC520? I'm not able to find it anywhere.


Many thanks

paolo bevilacqua Wed, 08/11/2010 - 06:21
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

There is not. IOS for UC500 comes out some months after normal routers.


Please remember to rate useful posts clicking on the stars below.

Actions

This Discussion