Expressway spam calls with an ip address

extremum
Level 1

Hi guys,

There are a lot of spam calls coming to Expressway-E. We have already configured a CPL to block these calls, so they are being blocked, but some calls are hitting our internal device, e.g. the source is an IP x.x.x.x and the destination is our device 1234@ourdomain.com. We added new rules to block x.x.x.x and it works, but now they are coming as x.x.x.y. BTW, all of these calls are SIP calls. My question is: is there any way to create a CPL rule to block all incoming calls if the source is just an IP? Or, if it is possible, we want to block the subnet, like x.x.x.x/24.

Our CPL is as below:

<taa:rule unauthenticated-origin="x.x.x.x" destination=".*">
<reject status="403" reason="Denied by policy"/>
</taa:rule>

 

 

1 Accepted Solution


Jonathan Schulenberg
Hall of Fame

Both are possible; you just need to build the RegEx pattern. Example: (.+@)?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}((:|;).*)?


4 Replies

Hello Jonathan,

Thanks for your advice. I think \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}((:|;).*)? works for me because I do not want to block something@x.x.x.x, I just want to block x.x.x.x. When I check the pattern on the Exp I see "IP address aliases are not supported for pattern matching". It does not mean this pattern does not work with CPL, right?

AFAIK, CPLs do not act upon direct IP calls, as that error message indicates. Unless you have defined a Fallback Alias (Configuration > Dial Plan > Configuration), Expressway-E will just drop those call attempts, though. Setting a Fallback Alias is rarely a good idea, IMO. The only time I have seen it used is with an MCU video IVR: legacy hardware only capable of a direct IP call would be connected to the MCU to enter a meeting ID they wanted to join.

Calls are coming with the source as below:

Alias (1)
Type: Url
Origin: Unknown
Value: 1.2.3.4
So I created a rule as below and I block "1.2.3.4", but it is not enough because they will try to call as 1.2.3.5 later ...

<taa:rule unauthenticated-origin="1.2.3.4" destination=".*">
<reject status="403" reason="Denied by policy"/>
</taa:rule>

AFAIK the Fallback Alias configuration is just for the destination: if someone calls us with just our domain, we can forward these calls to alias@domain.
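
The patterns discussed in this thread, checked offline as an added example that is not part of the original posts or of Cisco's code: it runs the accepted-solution regex, the bare-IP variant and a generated /24 pattern against constructed origin strings to show what each would reject. It assumes the rule attribute has to match the entire origin string and uses Python's re engine, which may differ from the Expressway's; subnet_pattern, blocked, report and the sample origins are hypothetical names and data.

```python
import ipaddress
import re

# Pattern from the accepted solution, and the reduced variant from the follow-up reply.
ANY_IP_OPTIONAL_USER = r"(.+@)?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}((:|;).*)?"
BARE_IP_ONLY = r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}((:|;).*)?"


def subnet_pattern(cidr):
    """Build a bare-IP pattern for an octet-aligned IPv4 subnet (/8, /16 or /24)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 prefixes map cleanly to a regex")
    fixed = str(net.network_address).split(".")[: net.prefixlen // 8]
    octets = [re.escape(o) for o in fixed] + [r"\d{1,3}"] * (4 - len(fixed))
    # Keep the optional :port / ;parameter tail used by the thread's pattern.
    return r"\.".join(octets) + r"((:|;).*)?"


def blocked(pattern, origin):
    """True if the pattern matches the whole origin string (assumed CPL semantics)."""
    return re.fullmatch(pattern, origin) is not None


# Constructed sample origins; addresses come from the RFC 5737 documentation ranges.
SAMPLES = [
    "192.0.2.10",
    "192.0.2.77:5060",
    "192.0.2.10;transport=tcp",
    "198.51.100.9",
    "100@192.0.2.10",
    "alice@example.com",
    "1234@ourdomain.example",
]


def report(pattern):
    """Return the sample origins that a reject rule with this pattern would catch."""
    return [s for s in SAMPLES if blocked(pattern, s)]


if __name__ == "__main__":
    for name, pat in [("any IP, optional user", ANY_IP_OPTIONAL_USER),
                      ("bare IP only", BARE_IP_ONLY),
                      ("192.0.2.0/24", subnet_pattern("192.0.2.0/24"))]:
        print(f"{name}: {pat}\n  rejects: {report(pat)}")
```

Because \d{1,3} accepts any one to three digits, these patterns also match strings such as 999.1.1.1; that is harmless for a reject rule but means they are not IPv4 validators.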