Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1393
Views
18
Helpful
13
Replies

How to block simulated calls on Voice Gateway?

yousefbustami
Level 1
Level 1

‎02-12-2013 11:35 AM - edited ‎03-16-2019 03:40 PM

In my company, our IPCC system is connected to GSM network through TDM and PRA links destributed over three CISCO voice gateways, I discovered that some hackers are using some call simulation applications to simulate caller IDs and access the IVR.

I tried to block those calls, unforetunately no rule can be applied on the ICM since the call seems to be normal, the only thing that

distinguish fake call from real one is through a GSM parameter called IMSI, but this parameter is not handled in the SIP protocol, as I know, my question is anyway to block calls on VGWs depending on the existance of IMSI, or is there anyway to block such fake calls?

Labels:
0 Helpful
13 Replies 13

islam.kamal
Level 10
Level 10

‎02-12-2013 11:42 AM

I hope my answer will help you , i do not have big experience on IPCC

eouter#conf t

router(config)#voice translation-rule 1

router(config-xxx)#rule 1 reject /number/
router(config-xxx)#rule 2 reject /number/

2. Apply the Translation rule to a Translation Profile and give it a name.

(This will be used to apply to the incoming Dial-peers.)

router#conf t

router(config)#voice translation-profile call_block

router(config-xxx)#call-block disconnect-cause incoming call-reject


in this case we named the Translation Profile "call_block"

3. Apply Translation Profile to incoming Dial-peers (only) on each router.

dial-peer voice 1 pots

call-block translation-profile incoming call_block

call-block disconnect-cause incoming call-reject

incoming called-number .T

direct-inward-dial

port 0/0/0:23

Thank you

please rate if this will help and good luck

yousefbustami
Level 1
Level 1
In response to islam.kamal

‎02-12-2013 11:49 AM

Thanks Islam,

But how can this rule distinguish if the call is fake or not? I mean call simulator can use a valid number and simulate the call. those rules are just to block a call depending on the caller

0 Helpful

islam.kamal
Level 10
Level 10
In response to yousefbustami

‎02-12-2013 11:53 AM

That is true , if you have known numbers which you neeed to block. For simulate to ideentify the fake numbers , i can think with you . Please tell me for examplea fake number which you have

thank you

0 Helpful

yousefbustami
Level 1
Level 1
In response to islam.kamal

‎02-12-2013 11:56 AM

it can be any customer number ... for example, one can use the simulater to make a call with your number Islam, imagine that this problem on your GSM network, and a hacker used this tool and used your number and call your contact center using your own number,

0 Helpful

islam.kamal
Level 10
Level 10
In response to yousefbustami

‎02-13-2013 12:47 PM

i think for Hackers issues , i think somehing like IPS ,(security device) which can detect soemthing like this

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame
In response to islam.kamal

‎02-13-2013 12:58 PM 

islam.kamal wrote:
i think for Hackers issues , i think somehing like IPS ,(security device) which can detect soemthing like this

No.

IPS is for data network.

OP has the problem on telephone network, that is different..

0 Helpful

islam.kamal
Level 10
Level 10
In response to paolo bevilacqua

‎02-13-2013 02:03 PM

You are right , i know that. what i need to say may be there is a security or monitoring tool can detect this which can detect the session of the intruder and disable it.Anyway , i hope that Mr/Yousef get a olution and please share it .

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame

‎02-13-2013 06:44 AM

No, you cannot block calls appers genuine.

0 Helpful

zhigangyan
Level 1
Level 1

‎02-28-2013 10:41 PM

I think asa firewall with a gtp inspection feature maybe can solve this problem.

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame
In response to zhigangyan

‎03-01-2013 08:53 AM 

zhigangyan wrote:
I think asa firewall with a gtp inspection feature maybe can solve this problem.

As answered above already: no.

0 Helpful

yousefbustami
Level 1
Level 1
In response to zhigangyan

‎03-01-2013 11:49 AM

I am still looking for a way to recognize any parameter can be used, till now I 've found nothing, as you know , SIP protocol has not suciefent  security parameters

0 Helpful

Anas Abueideh
Level 9
Level 9

‎03-04-2013 07:01 AM

Hi,

I have just test the below config and it works fine

voice translation-rule 1

rule 1 reject /065555555/

voice translation-profile block

  translation calling 1

dial-peer voice 1 pots

  incoming called-number .

  call-block translation-profile incoming block

  call-block disconnect-cause incoming call-reject

  direct-inward-dial

  port 0/0/0:15

your incoming calls use SIP trunk or PSTN. if it is SIP I think you need to block the signaling ports based on the source IP.

HTH

Anas

please rate if it is helpful

paolo bevilacqua
Hall of Fame
Hall of Fame
In response to Anas Abueideh

‎03-04-2013 07:06 AM 

aabueideh wrote:
Hi, 
I have just test the below config and it works fine
voice translation-rule 1
 rule 1 reject /065555555/
voice translation-profile block
  translation calling 1
dial-peer voice 1 pots
  incoming called-number .
  call-block translation-profile incoming block
  call-block disconnect-cause incoming call-reject
  direct-inward-dial
  port 0/0/0:15
your incoming calls use SIP trunk or PSTN. if it is SIP I think you need to block the signaling ports based on the source IP.
HTH
Anas
please rate if it is helpful

I'm afraid you do not understand the issue, so try again understaing this:

Cannot block calls having an effectlively spoofed calling number

http://en.wikipedia.org/wiki/Caller_ID_spoofing


Customers Also Viewed These Support Documents