Best practices for securing Expressway B2B traffic against in/out toll fraud

tripbrown
Level 4

Hi folks,

We have a cluster of Expressway C's and E's and are using them not only for MRA but also as our B2B agent for SIP.  We have on several occasions experienced toll fraud by people sending in SIP requests that are destined to international numbers.  Many times the source can be anything and the destination is any number@our.domain.

i.e. Source = sip:1001@bogus_device.domain, Destination = sip:International_number@our_SIP_domain. In this example an unethical SIP client user is sending SIP call requests to our Expressway E, which in turn sends to our C, which then by design sends to our CUCM. CUCM sees this and says "not mine" so it routes it as a SIP call out of our PSTN SBC. Toll fraud complete. :-(

I can stop it almost anywhere and at first I thought doing it at the Expressway E would be best. But that means I need comprehensive Call Policy rules. My thoughts are then to do it on CSS on the trunks from CUCM to Expressway C, but for inbound or outbound? We do need legitimate traffic to be able to go outbound.

I have a mixture of Local Call Policy, Search Rules, blacklist, and CUCM Calling Search Space as tools for toll fraud prevention but am curious as to best practices for where to apply these tools to traffic seeking to use our Expressways to hairpin back out of our PSTN gateways.  Blacklist is practically off the table as we want to be an openly federated domain.

Any advice, guides, or better still, generic rule configurations at which I could stare and compare?

My apologies if there are more appropriate Communities for this discussion.

Thanks!
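The inbound decision described in this post, modelled as an added example (not part of the original post, and not Expressway configuration syntax): ordered source/destination regex rules, first match wins, applied to calls arriving from the internet. The 4-digit internal extension range and all sample URIs other than the post's own are assumptions constructed for illustration; `our.domain` is the post's placeholder.

```python
import re

OUR_DOMAIN = "our.domain"      # the post's placeholder for the SIP domain
INTERNAL_EXT = r"[1-4]\d{3}"   # assumption: internal extensions are 1000-4999

D = re.escape(OUR_DOMAIN)
# (origin regex, destination regex, action), evaluated top-down, first match wins.
# Origin is ".*" throughout: the source URI is supplied by the caller, so a
# spoofed "user@our.domain" must not earn any extra trust on the internet side.
RULES = [
    (r".*", rf"{INTERNAL_EXT}@{D}", "allow"),   # known internal extensions
    (r".*", rf"\+?[\d*#]+@{D}", "reject"),      # any other dial string: would hairpin to PSTN
    (r".*", rf"[^@\s]+@{D}", "allow"),          # URI dialing to named users and rooms
    (r".*", r".*", "reject"),                   # not our domain: never relay
]

def normalize(uri: str) -> str:
    """Reduce a SIP URI to lower-case user@host so the rules cannot be
    sidestepped with a scheme, port or ;parameter suffix."""
    uri = re.sub(r"^sips?:", "", uri.strip().lower())
    uri = uri.split(";", 1)[0]
    return re.sub(r":\d+$", "", uri)

def decide(source: str, destination: str) -> str:
    """Return "allow" or "reject" for one inbound call attempt."""
    src, dst = normalize(source), normalize(destination)
    for origin_re, dest_re, action in RULES:
        if re.fullmatch(origin_re, src) and re.fullmatch(dest_re, dst):
            return action
    return "reject"  # default deny if the rule list is ever emptied

# Constructed sample calls; the first source URI is the one quoted in the post.
SAMPLES = [
    ("sip:1001@bogus_device.domain", "sip:0019995550100@our.domain"),
    ("sip:1001@our.domain", "sip:+9995550100@our.domain;user=phone"),
    ("sip:alice@partner.example", "sip:bob.smith@our.domain"),
    ("sip:alice@partner.example", "sip:2345@our.domain:5060"),
    ("sip:alice@partner.example", "sip:bob@elsewhere.example"),
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{decide(src, dst):6}  {src} -> {dst}")
```

Outbound PSTN calls from internal users are unaffected because this list is only evaluated for calls arriving from outside; the numeric reject rule is what stops the hairpin before CUCM ever sees the call.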
