03-11-2022 03:33 AM
Hi guys
I have had a round of spoofed SIP calls come in again to our EXP-E and they are getting through to users. I have tried to block the below, but I believe they are still coming in. Is the below syntax correct? I have removed our domain for privacy.
I have put the 2 reject rules in
src pattern
dest pattern
(.*)(@vc.xyz.com).*
I can see the logs blocking it but I believe they are still coming in
tvcs: Event="Call Rejected" Service="SIP" Src-ip="23.19.77.1" Src-port="18151" Src-alias-type="SIP" Src-alias="sip:1000@192.168.1.1" Dst-alias-type="SIP" Dst-alias="sip:69@xyz-expressway-e-1.xyz.com" Call-serial-number="e8a12efd-7289-4bb3-ac4b-8eaaa88ca23f" Tag="2c783c7b-6db8-43b9-a7d8-f1d2fad1179d" Detail="Not found" Protocol="TCP" Response-code="404" Level="1" UTCTime="2022-03-11 11:30:32,487"
Does the above log mean it is being blocked on the EXP-E?
And is my syntax for the string correct? I want to block anything coming from 1000 at any IP or domain to any of our devices.
cheers
03-11-2022 05:28 AM
As you see in your error log, it gives a "404 Not found", which means it isn't hitting any search rule.
If it were blocked, you would get a "403 Forbidden".
Your src pattern only blocks calls from this specific pattern, and not, as you want, "block calls from 1000 with any IP or domain".
You need something like 1000\@.*
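An added example, not part of any post in this thread: a Python check that parses the tvcs line quoted in the question, reads the response code the way the reply above does (404 = no rule matched, 403 = blocked), and tries the two patterns from the thread against the logged aliases. The function names are hypothetical, and stripping the `sip:` scheme plus whole-alias matching with Python's `re` are assumptions; Expressway's own matcher may behave differently.

```python
import re

# Log line copied from the question above (the only sample on the page).
SAMPLE = (
    'tvcs: Event="Call Rejected" Service="SIP" Src-ip="23.19.77.1" '
    'Src-port="18151" Src-alias-type="SIP" Src-alias="sip:1000@192.168.1.1" '
    'Dst-alias-type="SIP" Dst-alias="sip:69@xyz-expressway-e-1.xyz.com" '
    'Detail="Not found" Protocol="TCP" Response-code="404" Level="1" '
    'UTCTime="2022-03-11 11:30:32,487"'
)

FIELD = re.compile(r'([\w-]+)="([^"]*)"')


def parse_event(line):
    """Return the key="value" fields of one tvcs event line as a dict."""
    return dict(FIELD.findall(line))


def classify(event):
    """Interpret the response code as described in the reply above."""
    if event.get("Event") != "Call Rejected":
        return "not-a-rejection"
    code = event.get("Response-code")
    if code == "403":
        return "blocked-by-policy"   # 403 Forbidden
    if code == "404":
        return "no-rule-matched"     # 404 Not found
    return "other-rejection"


def alias_matches(pattern, alias):
    """Assumption: the pattern must match the whole alias, scheme removed."""
    bare = re.sub(r"^sips?:", "", alias)
    return re.fullmatch(pattern, bare) is not None


def review(line, src_pattern, dst_pattern):
    """Classify one rejection and test candidate rule patterns against it."""
    ev = parse_event(line)
    return {
        "verdict": classify(ev),
        "src_hit": alias_matches(src_pattern, ev.get("Src-alias", "")),
        "dst_hit": alias_matches(dst_pattern, ev.get("Dst-alias", "")),
    }


if __name__ == "__main__":
    # Source pattern from the reply, destination pattern from the question.
    print(review(SAMPLE, r"1000\@.*", r"(.*)(@vc.xyz.com).*"))
```

Under these assumptions, the reply's source pattern matches the logged Src-alias, while the destination pattern from the question does not match the logged Dst-alias, which is addressed to the Expressway-E host name rather than `vc.xyz.com`.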
03-11-2022 10:45 AM
Hi carl,
This manual entry will not work. Try to upload an XML-based CPL; they are 100% effective. You can also use the firewall option in Expressway.
03-12-2022 11:07 AM
Hi, carl
You should check the CPL Reference chapter of the Expressway Administrator Guide.
In this chapter you can find ideas and examples which resolve your issue.
BR Oleksandr
05-28-2022 10:49 PM
I think the best available solution right now is blocking B2B incoming calls by using call policy rules: just block any traffic (.* as the source pattern) from reaching any extension in your organization, for example .*@OTLD. Later, if you need to allow a particular B2B incoming call, you can whitelist it through the call policy rules.