Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CME Intrusion

I have a CME directly connected to the Internet. And i found out that someone is using my ISDN access to make calls. Who can i block outgoing calls that are not from registered phones?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: CME Intrusion

good luck

Please, if helpful Rate

15 REPLIES

Re: CME Intrusion

u can make restrection on the dial-peers and who is allwed to dial out or in with CME by using a nice feature called COR List

for detailed instructions see the following link:

http://www.cisco.com/en/US/tech/tk652/tk90/technologies_configuration_example09186a008019d649.shtml

good luck

please, if helpful Rate

New Member

Re: CME Intrusion

Thanks for your help.

But i already have a corlist working. My question is if someone has some kind of softphone that is not configured on the CME, how can i be sure that he can not make the call.

Only the registered phones should be able to do so.

Re: CME Intrusion

look at the following prevous issue which is similer but not same as urs

i am sure will be useful

the idea is to block all calls in all times and make exmptions to the phones registered with ur CME so only the phones u configre will be allowed to make calls

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&topicID=.ee6c829&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc17c28/5#selected_message

please, if helpful Rate

New Member

Re: CME Intrusion

Thanks for your help.

I believe that was what the answer.

Best regards

Re: CME Intrusion

good luck

Please, if helpful Rate

New Member

Re: CME Intrusion

Am I naive in thinking that using the IOS firewall feature set in your CME router connected to the Internet would prevent this from happening?

New Member

Re: CME Intrusion

I think that could do the trick.

The funny think is that i don't understand how they can make the call!

*Aug 25 12:18:06: //19899/xxxxxxxxxxxx/CCAPI/cc_api_caps_ind:

Call Entry Is Not Found

*Aug 25 12:18:06: //-1/E9D8D7E61217/CCAPI/cc_api_display_ie_subfields:

cc_api_call_setup_ind_common:

cisco-username=xxxxxxxxxxxx

----- ccCallInfo IE subfields -----

cisco-ani=xxxxxxxxxxxx

cisco-anitype=0

cisco-aniplan=0

cisco-anipi=0

cisco-anisi=0

dest=zzzzzzzzzzzzz

cisco-desttype=0

cisco-destplan=0

cisco-rdie=FFFFFFFF

cisco-rdn=

cisco-rdntype=0

cisco-rdnplan=0

cisco-rdnpi=-1

cisco-rdnsi=-1

cisco-redirectreason=-1 fwd_final_type =0

final_redirectNumber =

hunt_group_timeout =0

This is the first time this has happen to me.

I think that they are using a PC to make the outbound call.

New Member

Re: CME Intrusion

Hi,

Did you ever solved this issue?

I think I'm having the same issue. I have a UC500 that started to make calls I don't know where they came from.

All calls have a calling number=0000 and they dial numbers around the world.

It seems the UC500 starts the calls itself...

Regards

Hall of Fame Super Gold

Re: CME Intrusion

You likely have CME exposed to the internet, they call via SIP or more rarely H.323.

Generally, this is easily addressed with an access-list.

New Member

Re: CME Intrusion

Hi,

Thanks for your reply.

I got some more info on this with some debugs, and now have "asterisk" as a Call Name.

The UC500 does have a public IP address. Does it receive and accept SIP calls on this public interface without any config? It's just a Dialer with pppoe.

Regards

Hall of Fame Super Gold

Re: CME Intrusion

Yes, it does, "just pppoe" is a perfectly valid public address.

You can also check new features to prevent that:

http://www.cisco.com/en/US/tech/tk652/tk90/technologies_tech_note09186a0080b3e123.shtml

please remember to rate useful posts clicking on the stars below.

New Member

Re: CME Intrusion

How can I achieve this with early firmware version? I have 15.0.1XA on a UC520.

Or where can I get 15.1.2 IOS, in the software page I only have 12.4.

Many thanks

Hall of Fame Super Gold

Re: CME Intrusion

Enter "toll fraud" in cisco.com search box, and read relevant documents.

New Member

Re: CME Intrusion

Sorry to bother again,

Do you know if there's already a 15.1.2T version for the UC520? I'm not able to find it anywhere.

Many thanks

Hall of Fame Super Gold

Re: CME Intrusion

There is not. IOS for UC500 comes out some months after normal routers.

Please remember to rate useful posts clicking on the stars below.

228
Views
15
Helpful
15
Replies