Hi, I know this has been discussed a lot in here and I have done my research however I still have the following questions.
A customer of ours who don't have any SIP services and only has connection the PSTN has been hit with toll fraud, they use a Cisco 2801 ISR that runs CME and is also terminating internet connection. Most calls have been to Cuba and a few other countries, after looking into it I applied the following ACLs on the WAN interface however this hasn't stopped the fraud continuing.
ip access-list extended EXTERNAL
deny ucp any any eq 5060 5061
deny tcp any any eq 5060 5061
deny tcp any any eq 1720 1721
deny udp any any range 16384 32767
permit ip any any
I have also disabled SIP processing that is:
no transport tcp
no transport udp
However when looking at the router it's still listening on TCP port 5061 and 1720, could this be a bug? What more can I do to stop this.
Local address Foreign Address State
*.5061 *.* Listen
*.1720 *.* Listen