TelePresence MX300 G2

eng_samehhussein20111 · ‎10-27-2015

I am receiving unknown incoming sip calls on TelePresence MX300 G2

Patrick Sparkman · ‎10-28-2015

Are they recieving H323 or SIP calls? Depending on which, there are two possible methods to help midigate these calls.

If H323, see Acevirgil's reply. You'll have to rely on your ogranizations firewall to determine who can access the endpoint, either setup using NAT or an ACL.

If SIP, you can turn off SIP on the endpoint.

If you have a call control server such as CUCM or VCS, it's hightly recommended to register the codecs to one of those, and close any open firewalls that go to the codecs.

Acevirgil de Ocampo · ‎10-28-2015

Is your system deployed as stand alone without any registration to VCS or CUCM?

This issue usually encounterd when the video endpoint is configured with public IP address or in deployed in LAN with NAT configuration.

This is caused by an H.323 scanning tool that is part of a penetration testing product called “Metasploit,” which has basically got in to the wrong hands.

The aim of this malicious activity is to carry out “toll-fraud” by forcing the receiving video endpoint to make a dial out call to the PSTN/ISDN network, frequently to a premium rate phone number, which not only costs the victim potentially a large amount of money in call costs but also lines the pockets of the fraudsters who also own the premium rate service. The secondary aim of this activity from less “dangerous” parties is just simply to annoy.

Take a look at this link for some recommendations on how to mitigate this kind of toll-fraud.

https://www.vcwarehouse.com/kb_results.asp?ID=5

regards,

Acevirgil