Ok, I have a weird problem that is kind of hard to fully explain. My first thought was some sort of wardialing, but I don't know. It seems as if it's using existing extensions as a starting point and is incrimenting the number from there. For example, my extension is 5329. I got a call from 5329 and it rang for about a half a second. A few minutes later I got a call from 15329 and then a call from 25329, and so on. Everyone in the office is getting the same thing (but with their own extension). It eventually seems to start dialing random numbers. It even called 911 and hung up on them and they called back complaining. If I restart the UC560 it seems to stop for an hour or two and then it starts back up. Does anyone have any clue about this? Is there any way I can at least stop it from calling 911? I know this sounds silly, but I'm at a loss here. Any help would be greatly appreciated.
Thanks for your reply bernhardczapp! No, we're not doing any SIP at all and as far as I can tell other than the VWIC that connects to the ISP's router (which supplies our VoIP service only), the UC560 is not reachable from the internet. Do you know which debug commands that would give me where a call origionates from?
Also, don't be fooled into thinking that your ITSP protects your from unauthenticated connections. I have personally been involved in exactly this scenario, where the client was stuck with a $20k phone bill on a "private" link to the ITSP. You should look at toll fraud prevention mechanisms on your UC560.
Thanks Anthony! I'm reading up on the toll fraud prevention stuff right now. From what I'm reading, it appears that most of this can be resolved by a trusted IP list. I'm waiting on a call back from my ITSP so I can get the correct IP on their side to put in the list (I'm assuming that's what I need to do).