Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1401
Views
10
Helpful
1
Replies

spam calls expressway-e

Go to solution
bluesea2010
Level 5
Level 5

‎10-10-2021 05:49 AM

Hi,

i am getting spam calls through my expressway-e  

for example , the calls show it is coming from 1000@domain.com ,

and i don't have did 1000 in my cucm, How come they could call extension without a registring 

 

How can i block this 

 

events are below 

Event="Search Attempted" Service="SIP" Src-alias-type="SIP" Src-alias="NoAuth@@domain.com" Dst-alias-type="SIP" Dst-alias="sip:7898@@domain.com" Call-serial-number="dff8b230-9f11-4e4a-b36a-f9f6ae482d4c" Tag="03cd0d25-75bb-49d0-88cb-79408e3e0d28" Detail="searchtype:INVITE" Level="1" "

 

Event="Call Attempted" Service="SIP" Src-ip="x.x.x.x" Src-port="46923" Src-alias-type="SIP" Src-alias="sip:NoAuth@domain.com" Dst-alias-type="SIP" Dst-alias="sip:7898@domain.com" Call-serial-number="dff8b230-9f11-4e4a-b36a-f9f6ae482d4c" Tag="03cd0d25-75bb-49d0-88cb-79408e3e0d28" Protocol="TLS" Auth="NO" Level="1" 

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Roger Kallberg
VIP
VIP

‎10-10-2021 08:41 AM - edited ‎10-11-2021 06:04 AM

Use CPL, either as configuration put into the web page or as a file to block these calls based on your policy.

As an example this is something similar to what we use on B2B E's.

 

<?xml version="1.0" encoding="UTF-8"?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl" xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
<taa:routed>
    <address-switch field="destination">
		<address regex="<public IP of E 1>|<public IP of E 2>|<public IP of E 3>|<public IP of E 4>">
			<address-switch field="originating-zone">
				<address is="DefaultZone">
				<!-- Calls coming from the DefaultZone zone are not allowed to use the IP of this gateway -->
				<reject status="403" reason="Denied by policy"/>
				</address>
			</address-switch>
		</address>
			<otherwise>
				<address-switch field="destination">
					<address regex="(.*)<your domain>.com">
						<address-switch field="unauthenticated-origin" subfield="host">
							<address subdomain-of="webex.com">
								<!-- Route the call -->
								<proxy/>
							</address>
							<address subdomain-of="<domain to allow 1>.com">
								<!-- Route the call -->
								<proxy/>
							</address>
							<address subdomain-of="<domain to allow 2>.com">
								<!-- Route the call -->
								<proxy/>
							</address>
							<address subdomain-of="ciscotac.net">
								<!-- Route the call -->
								<proxy/>
							</address>
							<address subdomain-of="ciscospark.com">
								<!-- Route the call -->
								<proxy/>
							</address>
							<otherwise>
								<!-- Reject Calls from All Other Sources  -->
								<reject status="403" reason="Denied by Policy"/>
							</otherwise>
						</address-switch>
					</address>
				</address-switch>
			</otherwise>
	</address-switch>
</taa:routed>
</cpl>

 



Response Signature


View solution in original post

1 Reply 1

Go to solution
Roger Kallberg
VIP
VIP

‎10-10-2021 08:41 AM - edited ‎10-11-2021 06:04 AM

Use CPL, either as configuration put into the web page or as a file to block these calls based on your policy.

As an example this is something similar to what we use on B2B E's.

 

<?xml version="1.0" encoding="UTF-8"?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl" xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
<taa:routed>
    <address-switch field="destination">
		<address regex="<public IP of E 1>|<public IP of E 2>|<public IP of E 3>|<public IP of E 4>">
			<address-switch field="originating-zone">
				<address is="DefaultZone">
				<!-- Calls coming from the DefaultZone zone are not allowed to use the IP of this gateway -->
				<reject status="403" reason="Denied by policy"/>
				</address>
			</address-switch>
		</address>
			<otherwise>
				<address-switch field="destination">
					<address regex="(.*)<your domain>.com">
						<address-switch field="unauthenticated-origin" subfield="host">
							<address subdomain-of="webex.com">
								<!-- Route the call -->
								<proxy/>
							</address>
							<address subdomain-of="<domain to allow 1>.com">
								<!-- Route the call -->
								<proxy/>
							</address>
							<address subdomain-of="<domain to allow 2>.com">
								<!-- Route the call -->
								<proxy/>
							</address>
							<address subdomain-of="ciscotac.net">
								<!-- Route the call -->
								<proxy/>
							</address>
							<address subdomain-of="ciscospark.com">
								<!-- Route the call -->
								<proxy/>
							</address>
							<otherwise>
								<!-- Reject Calls from All Other Sources  -->
								<reject status="403" reason="Denied by Policy"/>
							</otherwise>
						</address-switch>
					</address>
				</address-switch>
			</otherwise>
	</address-switch>
</taa:routed>
</cpl>

 



Response Signature


Customers Also Viewed These Support Documents