Receiving calls from CISCO on all random public systems

Steve Deslandes · ‎11-15-2014

I am receiving random calls from a site called CISCO on every public systems I have either it be infrastructure (MCU with VFO or VCS Expressway) or endpoints (Not registered to infrastructure. H.323 ONLY. SIP DISABLED). Can someone let me know how we can block these attacks as I am unable to see the IP hidden behind this site. I was able to block most of it on my infrastructure by adjusting my search rules but it's a real pain for my public systems. Is there a way to fix this? Thanks

Jens Didriksen · ‎11-15-2014

This is a very well known issue; here is just one of the threads dealing with this: https://supportforums.cisco.com/discussion/12336591/sourceh323idcisco-incomingcalls - and no, nothing much you can do if the systems sits out in the "wild" apart from turning off auto-answer etc.

Also see http://www.videonationsltd.co.uk/2014/11/h-323-cisco-spam-calls/

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Patrick Sparkman · ‎11-15-2014

Hello Steve -

As Jens pointed out, it's a known issue hitting anyone that has a video conference system that is publicly accessible. You can prevent the calls on your VCS using CPL, there is an example script I uploaded into the first discussion Jens provided you. For codecs, the best solution is to block all incoming traffic, and only allow those you approve.