toll restriction on CME

Unanswered Question
Jun 5th, 2009
User Badges:
  • Silver, 250 points or more

I have an urgent need.

I have a site that has reported over 4000+ minutes of calls from our Mexico site to the Ukraine. I am running CME7.x and do not know how to set-up toll fraud/restrictions on outbound calls.

I need some help, point me in the right direction, to stop calls going to country code 380

How can this be done?

Can this be done?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
paolo bevilacqua Fri, 06/05/2009 - 10:04
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Is this site exposed to internet and SIP ?

If so, put an ACL to allow only the SIP peers you allow.

Rick Morris Fri, 06/05/2009 - 10:07
User Badges:
  • Silver, 250 points or more

we are not running sip.

Site in mexico has 20 trunks,

controller E1 0/3/0

framing NO-CRC4

ds0-group 1 timeslots 1-15,17-20 type r2-digital r2-compelled ani

cas-custom 1

country telmex use-defaults

category 2

answer-signal group-b 1

we have DMVPN connection to HQ with Gatekeeper.

I am looking at Cisco site now talking about:


after-hours block pattern 1 91

after-hours block pattern 2 9011

after-hours block pattern 3 91900 7-24

Not sure if this is the best way to set this up or not.

paolo bevilacqua Fri, 06/05/2009 - 10:13
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

SIP is enabled by default, is the router directly connected to the internet ?

Nicholas Matthews Fri, 06/05/2009 - 11:26
User Badges:
  • Red, 2250 points or more

I suggest making this change:

voice service voip


call service stop

Hackers frequently scan for open TCP/UDP 5060. If your router has a voice-port in it, it will listen on these ports by default. Additionally, any incoming H323 or SIP call will match dial peer 0 by default, and then will be eligible to be routed out of your T1. By disabling SIP completely if you're not using it, you will mostly avoid this. Nearly every case I've seen of this has been SIP related even though the same thing is possible with H323. I suggest blocking TCP 1720 and UDP/TCP 5060 from the public, among other general security ports like 23 for telnet.




This Discussion