Forensics

Unanswered Question
Jan 16th, 2009

Problem: Verizon calls to report we had two long-distance calls on such and such date to Cuba. The number number they were dialed from comes back as our PRI line. We use Cisco Call Manager 4.1.

How can I determine the device or DID number that made these calls? If I can get the DID number I can link it to a device.

Thanks,

K

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Nicholas Matthews Fri, 01/16/2009 - 06:11

There's a good chance that you have a public IP on your gateway.

There's also a good chance that this public IP doesn't have both TCP and UDP ports 5060 blocked.

That's my guess.

I would apply this ACL to your outside interface:

access-list 101 deny tcp any any eq 5060 log

access-list 101 deny udp any any eq 5060 log

access-list 101 deny tcp any any eq 1720 log

access-list 101 permit ip any any

If this is just two calls, then it may be a user and you would want to check your CDR records.

You may want to read this link anyway:

http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_tech_note09186a00809dc487.shtml

hth,

nick

Actions

This Discussion