Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Toll Fraud?

I have a Cisco C20 "TC4.2.1.265253" that exists outside of a firewall with a public IP at one of our sites.  It has been receiving random calls from number@itsownip to number@itsownip.  These calls are random throughout the day, and appear in the middle of a call and cause disruption.

Putting the unit behind a firewall is not an option at this site.  I have already disabled SIP, and it is still occurring.  What else can I do?  How is it dialing what appears to be a SIP call without SIP enabled?  Am I just missing something?

The last thing I did, which may or may not work, was give it an invalid multiway address to at least stop the calls from coming in during a meeting.  This doesn’t prevent the original problem though.



Toll Fraud?

Please upgrade the codec to software version TC 6.2.

Make sure the system is well protected and that it is placed in DMZ if you need to have it on public IP.

Remember, that upgrading to TC 6.2 will not solve the problem unless below two configurations are applied on unit:

xConfiguration SIP ListenPort: Off

xConfiguration SIP Profile 1 Outbound: On

The solution to avoid incoming calls is to disable SIP listenport and enable SIP outbound. Only calls originating from the VCS will reach the endpoint.

New Member

Re: Toll Fraud?

It’s a unit we manage, but we do not own it.  It belongs to a small public school, and they do not have the money to pay for an upgrade.  I am trying to find a work around. 


Also we do not use a VCS with this site.  It is a standalone system.

Toll Fraud?

If the system is on a public ip it most likely uses h323.

A simple workaround is to disable SIP on the endpoint.

How did you disable sip?

When logged in via ssh as admin as:

xConfiguration NetworkServices SIP Mode: off

should do the trick.

In general all these calls are SIP, but sure it can also be that someone scans using h323 as well.

I would also put it behind a firewall to at least block the management ports (http(s)/telnet/...).

I am not 100% sure how it is legal/policy wise, but for >TC6.1 (current is TC6.2.1) you do not

need a specific release key, so in theory TC6.2.1 would work with the current available release key.

Also suggest them to use a VCS as a service, many companies companies offer that as a service

possibly in your region as well.

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

CreatePlease login to create content