Forensics

Unanswered Question
Jan 16th, 2009

Problem: Verizon calls to report we had two long-distance calls on such and such date to Cuba. The number they were dialed from comes back as our PRI line. We use Cisco Call Manager 4.1.


How can I determine the device or DID number that made these calls? If I can get the DID number I can link it to a device.


Thanks,

K

Nicholas Matthews Fri, 01/16/2009 - 06:11

There's a good chance that you have a public IP on your gateway.


There's also a good chance that this public IP doesn't have both TCP and UDP ports 5060 blocked.


That's my guess.


I would apply this ACL to your outside interface:


access-list 101 deny tcp any any eq 5060 log
access-list 101 deny udp any any eq 5060 log
access-list 101 deny tcp any any eq 1720 log
access-list 101 permit ip any any



If this is just two calls, then it may be a user and you would want to check your CDR records.


You may want to read this link anyway:

http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_tech_note09186a00809dc487.shtml



hth,

nick
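An added example, not part of either post above: one way to carry out the CDR check suggested in the reply, by filtering a CSV export of call detail records for calls dialed to Cuba (country code 53) and reporting which device originated each one. It assumes the export's columns use the CallManager CDR field names shown in the header row, that outside calls are dialed as an optional 9 followed by 011; the sample rows and the gateway name `GW-PRI-1` are constructed.

```python
import csv
import io
import re
from datetime import datetime, timezone

# Constructed sample CDR export. Column names are assumed to match the
# CallManager CDR field names; adjust them to the actual export.
SAMPLE_CDR = """\
dateTimeOrigination,callingPartyNumber,originalCalledPartyNumber,finalCalledPartyNumber,origDeviceName,destDeviceName,duration
1231945200,5551234,90115371234567,90115371234567,SEP001122334455,GW-PRI-1,340
1231948800,5551300,912125550100,912125550100,SEP00AABBCCDDEE,GW-PRI-1,62
1231952400,,0115378765432,0115378765432,GW-PRI-1,GW-PRI-1,905
1231956000,5551234,95305550199,95305550199,SEP001122334455,GW-PRI-1,15
"""

# Assumption: optional access code 9, international prefix 011, country code 53.
CUBA = re.compile(r"^9?01153\d+$")
# Cisco IP phones register under a device name of SEP followed by their MAC.
PHONE = re.compile(r"^SEP[0-9A-F]{12}$", re.IGNORECASE)


def find_calls(cdr_text, pattern=CUBA):
    """Return one dict per CDR row whose dialed number matches the pattern."""
    hits = []
    for row in csv.DictReader(io.StringIO(cdr_text)):
        dialed = (row["originalCalledPartyNumber"], row["finalCalledPartyNumber"])
        if not any(pattern.match(n) for n in dialed):
            continue
        started = datetime.fromtimestamp(int(row["dateTimeOrigination"]), tz=timezone.utc)
        device = row["origDeviceName"]
        hits.append({
            "when_utc": started.isoformat(),
            "calling": row["callingPartyNumber"] or "(none)",
            "dialed": row["finalCalledPartyNumber"],
            "device": device,
            # A SEP device is an internal phone; anything else (gateway,
            # trunk) means the call did not start at a desk phone.
            "origin": "phone" if PHONE.match(device) else "gateway/trunk",
            "seconds": int(row["duration"]),
        })
    return hits


if __name__ == "__main__":
    for hit in find_calls(SAMPLE_CDR):
        print(hit)
```

If the calls Verizon reported do not appear in the CDRs at all, CallManager did not route them, which points back at the gateway itself.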

