Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
416
Views
0
Helpful
3
Replies

Cisco Telepresence SX20 "Cisco" phone us every 10min!

michael.paminger1
Level 1
Level 1

‎04-30-2015 06:48 AM - edited ‎03-17-2019 02:51 AM

Hello,

 

we have more  3 Cisco SX20 Telepresence Systems running,

Every ~10min a unknown user names "cisco" phone us (most time different IP), so our only way is to set the donotdisturbed function.

 

Do anybody know what that is? and how to fix it?

 

I have heard that that is a hacking attack to all Videoconferencing Systems LifeSize and Polycom too from russia?

Thanks,

1 person had this problem
Labels:
0 Helpful
3 Replies 3

kkoeper12
Level 3
Level 3

‎04-30-2015 07:38 AM

Most likely is a hacking attack. Make sure you have ip address authentication configured on your voice gateway.

voice service voip

ip address trusted list
  ipv4 x.x.x.x 255.255.255.0
  ipv4 y.y.y.y 255.255.255.0

List all of your CUCM ip addresses here plus your service provider address if using a SIP trunk.

Make sure this command is NOT listed:

no ip address trusted authenticate

 

 

 

0 Helpful

gfolens
Level 4
Level 4

‎08-25-2015 11:22 PM

Hello,

Did you find a solution?

One of our customers has the same problem. He has 3 Lifesize endpoints directly connected to the Internet and it seems the calls are H.323 indeed coming from different IP's.

One of the Lifesizes has been replaced by a MX800. But now these 'ghost' calls are still appearing.

I did not find a way to block specific IP addresses or ranges on the MX800.

I advised to use the donotdisturb function but apparently this is limited in time. Do you know when putting to value to 0 it will leave the function permanent active?

So the only way to block these 'ghost' calls is move the endpoints to the LAN and register to a VCS or UCM with Traversal solution?

 

rgds, Geert.

0 Helpful

moyo oyegunle
Level 1
Level 1
In response to gfolens

‎08-26-2015 08:16 AM

There are multiple cases in the teleprecense community you can consult for people that have had the same issue.

https://supportforums.cisco.com/discussion/12556226/unwanted-incoming-calls-my-computer-telepresence-sx20

https://supportforums.cisco.com/discussion/12517901/dealing-unwanted-incoming-call-sx-20-during-conference

As mentioned there are a lot of port scanners on the internet scanning for open addresses so there is probably no way to avoid this if you choose to leave your devices on the internet  except maybe using some sort of whitelist/ blacklist mechanism like ACL's or ip trusted authenticate.

The most efficient solution is to deploy a traversal solution in a DMZ.

 

0 Helpful
Customers Also Viewed These Support Documents