Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
VIP Purple

Strange Calling Loop on C40

I've seen this a few times on one specific C40 consistently, it seems to appear after select conferences connect, I see it several time over and over in the xhistory.  Our MCU does all the calling, so the codec in the room doesn't do anything, but auto answers the incoming call from the bridge.  The default call protocol being used by the bridge is H.323, the codec isn't configured for SIP at this time.  The dialing and call back numbers are that of the codec itself.

*h xHistory CallLogs Call 3153 CallId: 296

*h xHistory CallLogs Call 3153 Protocol: "Sip"

*h xHistory CallLogs Call 3153 Direction: Incoming

*h xHistory CallLogs Call 3153 CallType: Audio

*h xHistory CallLogs Call 3153 RemoteNumber: "sip:100@x.x.175.82"

*h xHistory CallLogs Call 3153 CallbackNumber: "sip:100@x.x.175.82"

*h xHistory CallLogs Call 3153 DisplayName: "100"

*h xHistory CallLogs Call 3153 CallRate: 768

*h xHistory CallLogs Call 3153 DisconnectCauseValue: 1

*h xHistory CallLogs Call 3153 DisconnectCause: ""

*h xHistory CallLogs Call 3153 DisconnectCauseType: LocalDisconnect

*h xHistory CallLogs Call 3153 DisconnectCauseCode: 0

*h xHistory CallLogs Call 3153 DisconnectCauseOrigin: SIP

*h xHistory CallLogs Call 3153 StartTime: "2013/09/24 12:07:02"

*h xHistory CallLogs Call 3153 Duration: 0

*h xHistory CallLogs Call 3153 Encryption: "Aes-128"

*h xHistory CallLogs Call 3153 BookingId: ""

All of our conferences are scheduled via TMS 14.2.2, with a VCS X7.2.2.  C40 is currently running TC5.6, waiting on TC6.3.

Everyone's tags (5)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Strange Calling Loop on C40

Patrick,

My guess is that your endpoint is sitting out with a public ip address and sip scanning applications such as SipVicious are being used to detect possibilities for exploiting PSTN trunks. This can result in your endpoint looking like it is calling itself.

For the endpoint, you should set the SIP Listening port to Off and the Sip Outbound to On so that the VCS can still reach the endpoint.

xConfiguration SIP ListenPort: Off

xConfiguration SIP Profile 1 Outbound: On

Disabling ListenPort stops the endpoint from listening on port 5060/5061. Enabling outbound means that all incoming and outgoing calls will reuse the connection open from the endpoint to the VCS from the initial SIP Register message.

There were some changes in TC6.2 to address this issue. Prior to TC6.2, if you had the ListenPort to Off and Outbound On, this configuration combination did not always work as expected.

I would make those changes on the endpoint and upgrade to TC6.2 if you can.

Here is the bug id you can look at for this issue: CSCue55239

VIP Purple

Re: Strange Calling Loop on C40

Hi Patrick,

Patrick Sparkman wrote:

As I d mentioned, I applied to the fix to the C-Series, but am not seeing the issue on an E20, I need to see if there is a work around for it.

That's why i'd linked to the Admin Guide for the E20,  there's a setting for CallScreening - On: to reply to any SIP invites,  not from one of the SIP profile proxies with a "305 Use Proxy" message -  this could also stop the unwanted incoming invites hitting your device as your workaround if you can't find the ListenPort and Outbound settings similar to the C's.

Wayne

--

Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
12 REPLIES
Cisco Employee

Re: Strange Calling Loop on C40

Patrick,

My guess is that your endpoint is sitting out with a public ip address and sip scanning applications such as SipVicious are being used to detect possibilities for exploiting PSTN trunks. This can result in your endpoint looking like it is calling itself.

For the endpoint, you should set the SIP Listening port to Off and the Sip Outbound to On so that the VCS can still reach the endpoint.

xConfiguration SIP ListenPort: Off

xConfiguration SIP Profile 1 Outbound: On

Disabling ListenPort stops the endpoint from listening on port 5060/5061. Enabling outbound means that all incoming and outgoing calls will reuse the connection open from the endpoint to the VCS from the initial SIP Register message.

There were some changes in TC6.2 to address this issue. Prior to TC6.2, if you had the ListenPort to Off and Outbound On, this configuration combination did not always work as expected.

I would make those changes on the endpoint and upgrade to TC6.2 if you can.

Here is the bug id you can look at for this issue: CSCue55239

VIP Purple

Re: Strange Calling Loop on C40

This particular codec is accessible to the public, something that we're going to change when we implement an Expressway later this year.  I figured it was something along those lines, especially when I noticed the calling protocol as being SIP, but wasn't 100% sure.

Thanks!

Strange Calling Loop on C40

If you do not need a service it might be better to completly disable it:

xConfiguration NetworkServices SIP Mode: off

Also, remember to set a secure password and put a firewall upfront.

The only inbound ports which you would need are:

For H.323 direct calls the used ports are:

  • Q.931 call Setup: Port 1720 (TCP)
  • H.245(Static): Port Range 5555-6555 (TCP)
  • H.245(Dynamic): Port Range 11000-20999 (TCP)
  • Video*: Port Range 2326-2485 (UDP)
  • Audio*: Port Range 2326-2485 (UDP)
  • Data/FECC*: Port Range 2326-2485 (UDP)

         *Configurable by "RTP Ports Range Start" and "RTP Ports Range Stop"

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

VIP Purple

Re: Strange Calling Loop on C40

Have another question in regards to this issue.  This works for C-Series or other codecs running TC software.  However, what about E20s?  We have an E20 outside the network that is accessible to the public Internet for management by our TMS.

VIP Purple

Strange Calling Loop on C40

Hi Patrick,

The same would apply to the E20 running the TE software.  If you're not using SIP, it's best to turn it off.

Security advisory cisco-sa-20130619-tpc shows that exact same thing as the Workaround to the security issues.

Wayne

--

Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
VIP Purple

Strange Calling Loop on C40

Thanks Wayne -

I've applied the work around noted above for a C-Series unit we have that is on a public IP.  I've been told that there is now an E20 that is starting to get these scanning calls, however the workaround for the C-Series doesn't apply to TE software from what I can tell.  Don't know if there is a workaround for TE software, wasn't sure if there was a way to prevent the calls.

The network at these locations isn't controlled by us at any of these places, but the codecs are.

VIP Purple

Re: Strange Calling Loop on C40

Hi Patrick,

The Secuirty Advisory I linked says that the workaround should apply to the TE software as well as the TC software.

if the xConfig command doesn't work, are you able to change the setting via the web interface as described?  I'd suggest you also upgrade the E20 to TE4.1.3 or later as per that SA.

Wayne

--

Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
VIP Purple

Strange Calling Loop on C40

Both C-Series and E20 are running the most recent software.  It was back in December when someone called me about the C-Series, so I applied Chad's workaround above.  Then today someone told me about the E20.  I can turn off SIP, but we use SIP for calls however.

VIP Purple

Re: Strange Calling Loop on C40

The bug (linked by Chad) also lists that after upgrading the software to the newer version that you need to change the following two settings:

xConfiguration SIP ListenPort: Off

xConfiguration SIP Profile 1 Outbound: On

This would still leave SIP enabled so you can make calls through your internal telephony infrastructure...

Looking at the Admin Guide, there's a setting for CallScreening - On: to reply to any SIP invites, not from one of the SIP profile proxies with a "305 Use Proxy" message - this could also stop the unwanted incoming invites hitting your device.

Wayne

--

Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
VIP Purple

Re: Strange Calling Loop on C40

As I d mentioned, I applied to the fix to the C-Series, but am not seeing the issue on an E20, I need to see if there is a work around for it.

Sent from Cisco Technical Support iPhone App

VIP Purple

Re: Strange Calling Loop on C40

Hi Patrick,

Patrick Sparkman wrote:

As I d mentioned, I applied to the fix to the C-Series, but am not seeing the issue on an E20, I need to see if there is a work around for it.

That's why i'd linked to the Admin Guide for the E20,  there's a setting for CallScreening - On: to reply to any SIP invites,  not from one of the SIP profile proxies with a "305 Use Proxy" message -  this could also stop the unwanted incoming invites hitting your device as your workaround if you can't find the ListenPort and Outbound settings similar to the C's.

Wayne

--

Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
VIP Purple

Re: Strange Calling Loop on C40

Oh, I didn't even notice the link in the earlier reply, blended into the text too well.  I'll take a look, thanks.

2064
Views
3
Helpful
12
Replies
CreatePlease to create content