02-12-2013 11:35 AM - edited 03-16-2019 03:40 PM
In my company, our IPCC system is connected to the GSM network through TDM and PRA links distributed over three Cisco voice gateways. I discovered that some hackers are using call simulation applications to simulate caller IDs and access the IVR.
I tried to block those calls; unfortunately, no rule can be applied on the ICM since the call seems to be normal. The only thing that distinguishes a fake call from a real one is a GSM parameter called IMSI, but this parameter is not handled in the SIP protocol, as far as I know. My question is: is there any way to block calls on the VGWs depending on the existence of the IMSI, or is there any other way to block such fake calls?
02-12-2013 11:42 AM
I hope my answer will help you. I do not have much experience with IPCC.
router#conf t
router(config)#voice translation-rule 1
router(config-xxx)#rule 1 reject /number/
router(config-xxx)#rule 2 reject /number/
2. Apply the Translation rule to a Translation Profile and give it a name.
(This will be used to apply to the incoming Dial-peers.)
router#conf t
router(config)#voice translation-profile call_block
router(config-xxx)#translate calling 1
In this case we named the translation profile "call_block".
3. Apply Translation Profile to incoming Dial-peers (only) on each router.
dial-peer voice 1 pots
call-block translation-profile incoming call_block
call-block disconnect-cause incoming call-reject
incoming called-number .T
direct-inward-dial
port 0/0/0:23
Thank you.
Please rate if this helps, and good luck.
02-12-2013 11:49 AM
Thanks Islam,
But how can this rule distinguish whether the call is fake or not? I mean, a call simulator can use a valid number and simulate the call. Those rules just block a call depending on the caller.
02-12-2013 11:53 AM
That is true, if you have known numbers which you need to block. As for identifying the fake numbers used by the simulator, I can think about it with you. Please give me an example of a fake number which you have.
Thank you.
02-12-2013 11:56 AM
It can be any customer number ... for example, one can use the simulator to make a call with your number, Islam. Imagine that this problem is on your GSM network, and a hacker used this tool with your number to call your contact center using your own number.
02-13-2013 12:47 PM
I think for hacker issues, something like an IPS (security device) can detect something like this.
02-13-2013 12:58 PM
islam.kamal wrote:
I think for hacker issues, something like an IPS (security device) can detect something like this.
No.
IPS is for data network.
OP has the problem on telephone network, that is different..
02-13-2013 02:03 PM
You are right, I know that. What I meant to say is that maybe there is a security or monitoring tool that can detect this, one which can detect the session of the intruder and disable it. Anyway, I hope that Mr. Yousef gets a solution, and please share it.
02-13-2013 06:44 AM
No, you cannot block calls that appear genuine.
02-28-2013 10:41 PM
I think an ASA firewall with a GTP inspection feature maybe can solve this problem.
03-01-2013 08:53 AM
zhigangyan wrote:
I think an ASA firewall with a GTP inspection feature maybe can solve this problem.
As answered above already: no.
03-01-2013 11:49 AM
I am still looking for a way to recognize any parameter that can be used. Until now I've found nothing; as you know, the SIP protocol does not have sufficient security parameters.
03-04-2013 07:01 AM
Hi,
I have just tested the below config and it works fine
voice translation-rule 1
rule 1 reject /065555555/
voice translation-profile block
translate calling 1
dial-peer voice 1 pots
incoming called-number .
call-block translation-profile incoming block
call-block disconnect-cause incoming call-reject
direct-inward-dial
port 0/0/0:15
Your incoming calls use a SIP trunk or PSTN. If it is SIP, I think you need to block the signaling ports based on the source IP.
HTH
Anas
please rate if it is helpful
03-04-2013 07:06 AM
aabueideh wrote:
Hi,
I have just tested the below config and it works fine
voice translation-rule 1
rule 1 reject /065555555/
voice translation-profile block
translate calling 1
dial-peer voice 1 pots
incoming called-number .
call-block translation-profile incoming block
call-block disconnect-cause incoming call-reject
direct-inward-dial
port 0/0/0:15
Your incoming calls use a SIP trunk or PSTN. If it is SIP, I think you need to block the signaling ports based on the source IP.
HTH
Anas
please rate if it is helpful
I'm afraid you do not understand the issue, so try again to understand this:
Cannot block calls having an effectively spoofed calling number
http://en.wikipedia.org/wiki/Caller_ID_spoofing