04-30-2015 06:48 AM - edited 03-17-2019 02:51 AM
Hello,
we have more 3 Cisco SX20 Telepresence Systems running,
Every ~10 min an unknown user named "cisco" phones us (most of the time from a different IP), so our only option is to set the do-not-disturb function.
Does anybody know what that is, and how to fix it?
I have heard that this is a hacking attack on all videoconferencing systems, LifeSize and Polycom too, from Russia?
Thanks,
04-30-2015 07:38 AM
Most likely it is a hacking attack. Make sure you have IP address authentication configured on your voice gateway.
voice service voip
 ip address trusted list
  ipv4 x.x.x.x 255.255.255.0
  ipv4 y.y.y.y 255.255.255.0
List all of your CUCM IP addresses here, plus your service provider address if using a SIP trunk.
Make sure this command is NOT listed:
no ip address trusted authenticate
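An added example, not part of the original reply: a Python check that audits a saved running-config for the two points above, namely which networks are in the trusted list and whether `no ip address trusted authenticate` is present. The sample config, the function names and the one-space-per-level indentation of the saved config are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample running-config fragment (documentation addresses, not a real device).
SAMPLE_CONFIG = """\
voice service voip
 no ip address trusted authenticate
 ip address trusted list
  ipv4 192.0.2.10 255.255.255.255
  ipv4 198.51.100.0 255.255.255.0
 allow-connections sip to sip
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
"""

def audit_trusted_list(config: str) -> dict:
    """Collect trusted networks and flag disabled trusted-address authentication."""
    in_voip = in_list = False
    networks, auth_disabled = [], False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # unindented line starts a new section
            in_voip, in_list = (line == "voice service voip"), False
            continue
        if not in_voip:
            continue                           # ignore interface addresses etc.
        if line == "no ip address trusted authenticate":
            auth_disabled = True               # the command the reply says must NOT be listed
        elif line == "ip address trusted list":
            in_list = True
        elif in_list:
            m = re.fullmatch(r"ipv4 (\S+)(?: (\S+))?", line)
            if m:                              # assumption: a missing mask means a single host
                mask = m.group(2) or "255.255.255.255"
                networks.append(ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
            else:
                in_list = False                # left the trusted-list submode
    return {"auth_disabled": auth_disabled, "networks": networks}

def is_trusted(source_ip: str, networks) -> bool:
    """True if a call's source address falls inside any trusted network."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in networks)
```
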
08-25-2015 11:22 PM
Hello,
Did you find a solution?
One of our customers has the same problem. He has 3 Lifesize endpoints directly connected to the Internet and it seems the calls are indeed H.323, coming from different IPs.
One of the Lifesizes has been replaced by an MX800. But now these 'ghost' calls are still appearing.
I did not find a way to block specific IP addresses or ranges on the MX800.
I advised using the donotdisturb function, but apparently this is limited in time. Do you know whether setting the value to 0 will leave the function permanently active?
So the only way to block these 'ghost' calls is to move the endpoints to the LAN and register them to a VCS or UCM with a Traversal solution?
rgds, Geert.
08-26-2015 08:16 AM
There are multiple cases in the TelePresence community you can consult from people who have had the same issue.
https://supportforums.cisco.com/discussion/12556226/unwanted-incoming-calls-my-computer-telepresence-sx20
https://supportforums.cisco.com/discussion/12517901/dealing-unwanted-incoming-call-sx-20-during-conference
As mentioned, there are a lot of port scanners on the internet scanning for open addresses, so there is probably no way to avoid this if you choose to leave your devices on the internet, except maybe using some sort of whitelist/blacklist mechanism like ACLs or ip trusted authenticate.
The most efficient solution is to deploy a traversal solution in a DMZ.