toll restriction on CME

Rick Morris · ‎06-05-2009

I have an urgent need.

I have a site that has reported over 4000+ minutes of calls from our Mexico site to the Ukraine. I am running CME7.x and do not know how to set-up toll fraud/restrictions on outbound calls.

I need some help, point me in the right direction, to stop calls going to country code 380

How can this be done?

Can this be done?

paolo bevilacqua · ‎06-05-2009

Is this site exposed to internet and SIP ?

If so, put an ACL to allow only the SIP peers you allow.

Rick Morris · ‎06-05-2009

we are not running sip.

Site in mexico has 20 trunks,

controller E1 0/3/0

framing NO-CRC4

ds0-group 1 timeslots 1-15,17-20 type r2-digital r2-compelled ani

cas-custom 1

country telmex use-defaults

category 2

answer-signal group-b 1

we have DMVPN connection to HQ with Gatekeeper.

I am looking at Cisco site now talking about:

telephony-service

after-hours block pattern 1 91

after-hours block pattern 2 9011

after-hours block pattern 3 91900 7-24

http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_tech_note09186a00809dc487.shtml

Not sure if this is the best way to set this up or not.

paolo bevilacqua · ‎06-05-2009

SIP is enabled by default, is the router directly connected to the internet ?

Nicholas Matthews · ‎06-05-2009

I suggest making this change:

voice service voip

sip

call service stop

Hackers frequently scan for open TCP/UDP 5060. If your router has a voice-port in it, it will listen on these ports by default. Additionally, any incoming H323 or SIP call will match dial peer 0 by default, and then will be eligible to be routed out of your T1. By disabling SIP completely if you're not using it, you will mostly avoid this. Nearly every case I've seen of this has been SIP related even though the same thing is possible with H323. I suggest blocking TCP 1720 and UDP/TCP 5060 from the public, among other general security ports like 23 for telnet.

hth,

nick