
Anti Toll-Fraud on a CUBE

Ruterford
Level 1

Hi All,

I have an ISR CUBE with some SIP dial-peers and I have anti toll-fraud enabled using the following configuration:

voice service voip

ip address trusted list

  ipv4 x.x.x.x 255.255.255.255

  ipv4 y.y.y.y 255.255.255.255

But I still keep getting stuff in the logs such as below.

I am wondering if anti toll-fraud is actually working since I see all those logs coming in.

Is this the expected behaviour?

I see nothing from debug voip ccapi inout though.

Here are the logs I get (I just replaced the public IP address with zzz.zzz.zzz.zzz):

Can you please also help me read who is sending this traffic to me?

None of those IP addresses belong to my router.

*Jun 12 20:37:32.417: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Received:

OPTIONS sip:100@zzz.zzz.zzz.zzz SIP/2.0

Via: SIP/2.0/UDP 127.0.0.1:5082;branch=z9hG4bK-1815254791;rport

Content-Length: 0

From: "sipvicious"<sip:100@1.1.1.1>; tag=64393038323731303133633401363936343533373838

Accept: application/sdp

User-Agent: friendly-scanner

To: "sipvicious"<sip:100@1.1.1.1>

Contact: sip:100@127.0.0.1:5082

CSeq: 1 OPTIONS

Call-ID: 727754319672688427698085

Max-Forwards: 70

*Jun 12 20:37:32.418: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Sent:

SIP/2.0 400 Bad Request - 'Invalid IP Address'

Via: SIP/2.0/UDP 127.0.0.1:5082;branch=z9hG4bK-1815254791;rport;received=199.19.111.219

From: "sipvicious"<sip:100@1.1.1.1>; tag=64393038323731303133633401363936343533373838

To: "sipvicious"<sip:100@1.1.1.1>;tag=55442526-1F8F

Date: Wed, 12 Jun 2013 20:37:32 GMT

Call-ID: 727754319672688427698085

Server: Cisco-SIPGateway/IOS-15.3.1.S2

CSeq: 1 OPTIONS

Content-Length: 0

2 Replies

Hi Ruter,

From what I can see, there's something called SIPVicious.

What is SIPVicious tool suite?

SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems.

Looks like somebody tried to break the CUBE but it was blocked.

Please remember to rate useful posts clicking on the stars below.
Please rate all useful answers by clicking on the stars below.
___________________________________________
LinkedIn Profile: do.linkedin.com/in/leosalcie


Jorge Armijo
Level 4

You're not getting output on the Call Application Layer since the call is being rejected immediately on the SIP Layer, hence the call is not being delivered to the next CUBE layer...

--
Jorge Armijo

Please remember to rate helpful responses and identify helpful or correct answers.
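
Added example (not written by any poster in this thread): a small parser for the `ccsipDisplayMsg` debug output quoted in the question that pairs each inbound request with the CUBE's reply by Call-ID and reports who sent it. It relies on standard SIP behaviour (RFC 3261/3581): the responder writes the packet's actual source address into the `received=` parameter of the topmost Via, so the spoofed `127.0.0.1` in the request is not the sender. The function names are hypothetical and the sample input is abridged from the log above.

```python
import re
# Abridged from the debug output quoted in the question (some headers dropped).
SAMPLE_LOG = """\
*Jun 12 20:37:32.417: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
OPTIONS sip:100@zzz.zzz.zzz.zzz SIP/2.0
Via: SIP/2.0/UDP 127.0.0.1:5082;branch=z9hG4bK-1815254791;rport
From: "sipvicious"<sip:100@1.1.1.1>; tag=64393038323731303133633401363936343533373838
User-Agent: friendly-scanner
Call-ID: 727754319672688427698085
*Jun 12 20:37:32.418: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 400 Bad Request - 'Invalid IP Address'
Via: SIP/2.0/UDP 127.0.0.1:5082;branch=z9hG4bK-1815254791;rport;received=199.19.111.219
Call-ID: 727754319672688427698085
"""

BANNER = re.compile(r"^\*.*ccsipDisplayMsg:", re.M)   # starts every dumped message
SCANNER_HINTS = ("friendly-scanner", "sipvicious")   # strings seen in this log

def parse_messages(log):
    """Split the debug output into messages: direction, start line, headers."""
    msgs = []
    for chunk in BANNER.split(log)[1:]:
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        hdrs = {}
        for ln in lines[2:]:
            name, sep, value = ln.partition(":")
            if sep:  # keep the first (topmost) value of a repeated header such as Via
                hdrs.setdefault(name.strip().lower(), value.strip())
        if len(lines) >= 2:
            msgs.append({"dir": lines[0].rstrip(":"), "start": lines[1], "hdrs": hdrs})
    return msgs

def summarize(log):
    """Pair each request with the CUBE's reply by Call-ID; read the sender from 'received='."""
    calls = {}
    for m in parse_messages(log):
        rec = calls.setdefault(m["hdrs"].get("call-id"), {})
        is_response = m["start"].startswith("SIP/2.0")
        if m["dir"] == "Received" and not is_response:
            rec["method"] = m["start"].split()[0]
            text = (m["hdrs"].get("user-agent", "") + m["hdrs"].get("from", "")).lower()
            rec["scanner"] = any(hint in text for hint in SCANNER_HINTS)
        elif m["dir"] == "Sent" and is_response:
            rec["status"] = m["start"].split()[1]
            hit = re.search(r"received=([0-9A-Fa-f.:]+)", m["hdrs"].get("via", ""))
            rec["source_ip"] = hit.group(1) if hit else None
    return calls
```

For the log in the question, `summarize(SAMPLE_LOG)` yields one entry: an `OPTIONS` probe flagged as a scanner, answered with `400`, from source `199.19.111.219`.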
