Solved: CUCM toll fraud

Gezimvatovci · ‎03-13-2017

Hi,

Can also happen toll-fraud on CUCM as in CME ??

If yes, which is the best idea to protect from toll-fraud on CUM with E1-link ??
Any suggest?

Thanks in Advance,

GV

Mohammed al Baqari · ‎03-13-2017

The CME toll-fraud mechanism is built-in CUCM since beginning. CUCM will drop calls from unknown sources which aren't defined as trunks or gateways (this can be changed using service parameters).

From this aspect CUCM is protected. However, some of the attackers will use the response message from CUCM (Internal Server Error 500) for reconnaissance such as CUCM supported messages, CUCM version, CUCM IP etc. This will require looking at other stuff such as authentication and encryption messaging.

View solution in original post

Mohammed al Baqari · ‎03-13-2017

The CME toll-fraud mechanism is built-in CUCM since beginning. CUCM will drop calls from unknown sources which aren't defined as trunks or gateways (this can be changed using service parameters).

From this aspect CUCM is protected. However, some of the attackers will use the response message from CUCM (Internal Server Error 500) for reconnaissance such as CUCM supported messages, CUCM version, CUCM IP etc. This will require looking at other stuff such as authentication and encryption messaging.

Alexey Minaev · ‎03-13-2017

Here is an article about preventing toll fraud regarding CME

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/admin/configuration/manual/cmeadm/cmetoll.html

Ratheesh Kumar · ‎03-13-2017

Hi

This could help you out

http://www.shanekillen.com/2013/03/how-to-prevent-toll-fraud-on.html