cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4744
Views
5
Helpful
4
Replies

Hack attack on VCS Express

Randy Watson
Level 1
Level 1

Hi,

I have a hacker continually trying to hack our VCS and he (his robot) is not giving up. 

He arrives on our VCS express and or Control with id "cisco" and is trying to call over the communication manager dialing various combinations of numbers , I would like to simply add a CPL entry to block anything arriving with "cisco" 

Does anyone have an example of how to add a source like this in the cpl file and send him off into nirvana?

Any help would be appreciated.

Randy

1 Accepted Solution

Accepted Solutions

The one I uploaded should be used on the VCS-E since these call attempts are originating from the wild, this is where I also have ISDN blocks in place to prevent external sites from accessing our ISDN gateways.

However, I do not use CPL for that, only search rules, see page 39 of the deployment guide  http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-5/Cisco-VCS-Basic-Configuration-Control-with-Expressway-Deployment-Guide-X8-5.pdf - having said that, there's obviously nothing wrong with using CPL. :)

Which one you use is neither here nor there, you'll have to edit it anyway :) - just open it in Notepad and insert the additional rules and upload on the VCS-E.

Both VCS-C and VCS-E use the same format, so to create a new rule you would do something like this:

<taa:rule authenticated-origin="insert pattern here" destination="insert pattern here">

<reject status="insert here" reason="insert here">

</taa:rule>

You don't need to specify the reason, but some times it is satisfying to send them a customised message even though they probably won't read or see it. :)

You should include a rule for unauthenticated origin as well though.

It's basic XML, each rule begins with <taa:rule and ends with </taa:rule>

There's quite a few threads in the Telepresence support forum about isdn toll fraud which may be of interest to you - this one shows how to break the dial string.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

 

Please rate replies and mark question(s) as "answered" if applicable.

View solution in original post

4 Replies 4

Jens Didriksen
Level 9
Level 9

This is a very well known issue; see https://supportforums.cisco.com/discussion/12336591/sourceh323idcisco-incomingcalls and https://supportforums.cisco.com/discussion/12473696/receiving-automatic-calls-cisco-name-continuously - there are some others as well.

You can block them with CPL, but they'll still fill up the call log unfortunately.

Attached part of cpl I, and others, are using. Change the reason to whatever you want. :)

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.

Great to have such quick answers here!!

I kinda figured it would be known, I just hadn't put in the right search criteria to find them.

Jens, we currently have an active CPL on the vcs control for ISDN call-in abuse and would like to either edit this to include your suggestion or create a new one containing your recommendation and activate it on the Expressway.  What would you recommend??

If on Control, what is the proper format for additional rules/lines, the documents I have found only include simple 1 rule examples.

Thanks,

Randy

The one I uploaded should be used on the VCS-E since these call attempts are originating from the wild, this is where I also have ISDN blocks in place to prevent external sites from accessing our ISDN gateways.

However, I do not use CPL for that, only search rules, see page 39 of the deployment guide  http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-5/Cisco-VCS-Basic-Configuration-Control-with-Expressway-Deployment-Guide-X8-5.pdf - having said that, there's obviously nothing wrong with using CPL. :)

Which one you use is neither here nor there, you'll have to edit it anyway :) - just open it in Notepad and insert the additional rules and upload on the VCS-E.

Both VCS-C and VCS-E use the same format, so to create a new rule you would do something like this:

<taa:rule authenticated-origin="insert pattern here" destination="insert pattern here">

<reject status="insert here" reason="insert here">

</taa:rule>

You don't need to specify the reason, but some times it is satisfying to send them a customised message even though they probably won't read or see it. :)

You should include a rule for unauthenticated origin as well though.

It's basic XML, each rule begins with <taa:rule and ends with </taa:rule>

There's quite a few threads in the Telepresence support forum about isdn toll fraud which may be of interest to you - this one shows how to break the dial string.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

 

Please rate replies and mark question(s) as "answered" if applicable.

Works quite well,

Thanks,

Randy