
Ghost Calls from different Numbers on ACME Servers

Rohit Khajuria
Level 1

Hi All,

Today we received hundreds of ghost calls, and most of them were from different numbers. The same thing happened on three different clusters at almost the same time.

So could you please tell me what the issue could be and how to troubleshoot all this?

I didn't find anything related to this anywhere.

Jaime Valencia
Cisco Employee

You'd need to review traces and debugs from the GW to try to find information about that.

HTH

java

if this helps, please rate

Thanks for the reply, Jaime!!!!

I fetched the logs from the ACME Server and found nothing but the DIDs where the calls were coming from.

What else do I need to check, and how? I will appreciate your guidance.

You need to look into the logs when the event is happening. That will tell you who initiates the SIP calls.

Georgios
Please rate if you find this helpful.

If you know what the calling number of these ghost calls is, you can decide to block them if it's recurring. But in my opinion that is like Groundhog Day,

Please remember to rate useful posts, by clicking on the stars below.

I will block them if the number of ghost calls is limited, but what if we are getting many ghost calls (approximately 100 or even more than that)?

What could be done for that?

Do the numbers have a pattern? Let's say something like the numbers always start with 111 or end with 777. You can easily block these with generic translations.

No, that is the only concern. If the calls had the same pattern we would have blocked them easily, but most of the calls have different patterns.

Given the fact that you are receiving these calls over IP, aka SIP or H.323, you can block the IP addresses through ACLs etc., and see if there is some sort of policing that can be done on the ACME. You need to look at patterns. If the calling number does not cut it, look at the IP addresses which are sending these calls and block traffic from these addresses.
If you have a Cisco GW, you can place it in between the ACME and the call source and have it dynamically reject calls from unknown IP addresses.

Hi Nipun,

Thanks for your reply.

Yes, you were right when you said we can also look at the patterns of the IP ranges, but I believe it will work if the scenario happens in one cluster. But what if we have the issue concurrently in more than one cluster and at different sites?

I had never encountered this type of situation before, but it happened, and that is what is making me curious.

Well you can’t really say why it’s happening. All you should work towards is securing your UC infra. This would also be a good time to review your network security.
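
An added example, not part of the original thread: the source-IP triage suggested in the replies above, applied to call attempts from several clusters at once so that a sender hitting multiple sites stands out even when every calling number differs. The record layout, the `TRUSTED_PEERS` set and the function names are assumptions; the sample lines are constructed, not real SBC output.

```python
from collections import defaultdict

# Constructed records, not real SBC output: time, cluster, source IP, calling number.
SAMPLE = """\
10:00:01 cluster-a 198.51.100.7 1001
10:00:02 cluster-b 198.51.100.7 100
10:00:02 cluster-c 198.51.100.7 9999
10:00:03 cluster-a 198.51.100.7 admin
10:00:03 cluster-a 192.0.2.10 +14085550100
10:00:04 cluster-b 203.0.113.44 2000
10:00:05 cluster-c 203.0.113.44 7001
10:00:06 cluster-b 203.0.113.44 555
10:00:09 cluster-a 192.0.2.10 +14085550100
10:00:12 cluster-a 192.0.2.10 +14085550123
"""

TRUSTED_PEERS = {"192.0.2.10"}  # assumed: signalling addresses of your SIP provider


def summarize(text):
    """Group call attempts by source IP: count, distinct caller IDs, clusters reached."""
    stats = defaultdict(lambda: {"calls": 0, "callers": set(), "clusters": set()})
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _ts, cluster, src_ip, caller = fields
        entry = stats[src_ip]
        entry["calls"] += 1
        entry["callers"].add(caller)
        entry["clusters"].add(cluster)
    return dict(stats)


def block_candidates(stats, trusted=TRUSTED_PEERS, min_calls=3):
    """Untrusted sources with repeated attempts, busiest first."""
    hits = [(ip, s) for ip, s in stats.items()
            if ip not in trusted and s["calls"] >= min_calls]
    hits.sort(key=lambda item: (-item[1]["calls"], item[0]))
    return [ip for ip, _ in hits]


if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip in block_candidates(stats):
        s = stats[ip]
        print(ip, s["calls"], "calls,", len(s["callers"]), "caller IDs,",
              len(s["clusters"]), "clusters")
```

The resulting addresses are candidates for the ACL or trusted-peer restriction mentioned above; check each against your provider's published signalling ranges before blocking.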