
Toll Fraud?

monsterdrinker
Level 1

I have a Cisco C20 "TC4.2.1.265253" that exists outside of a firewall with a public IP at one of our sites.  It has been receiving random calls from number@itsownip to number@itsownip.  These calls are random throughout the day, and appear in the middle of a call and cause disruption.

Putting the unit behind a firewall is not an option at this site.  I have already disabled SIP, and it is still occurring.  What else can I do?  How is it dialing what appears to be a SIP call without SIP enabled?  Am I just missing something?

The last thing I did, which may or may not work, was give it an invalid multiway address to at least stop the calls from coming in during a meeting.  This doesn’t prevent the original problem though.

Thanks,

3 Replies

amehla
Cisco Employee

Please upgrade the codec to software version TC 6.2.

Make sure the system is well protected and that it is placed in a DMZ if you need to have it on a public IP.

Remember that upgrading to TC 6.2 will not solve the problem unless the two configurations below are applied on the unit:

xConfiguration SIP ListenPort: Off

xConfiguration SIP Profile 1 Outbound: On

The solution to avoid incoming calls is to disable SIP listenport and enable SIP outbound. Only calls originating from the VCS will reach the endpoint.

 

It’s a unit we manage, but we do not own it. It belongs to a small public school, and they do not have the money to pay for an upgrade. I am trying to find a workaround.

     

Also we do not use a VCS with this site.  It is a standalone system.

If the system is on a public IP it most likely uses H.323.

A simple workaround is to disable SIP on the endpoint.

How did you disable SIP?

When logged in via SSH as admin:

xConfiguration NetworkServices SIP Mode: off

should do the trick.

In general all these calls are SIP, but sure, it can also be that someone scans using H.323 as well.

I would also put it behind a firewall to at least block the management ports (http(s)/telnet/...).

I am not 100% sure how it is legal/policy wise, but for >TC6.1 (current is TC6.2.1) you do not need a specific release key, so in theory TC6.2.1 would work with the current available release key.

Also suggest that they use a VCS as a service; many companies offer that as a service, possibly in your region as well.

Please remember to rate helpful responses and identify helpful or correct answers.
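
An added example, not written by any poster in this thread and not Cisco code: a small Python audit that reads a saved `xConfiguration` dump and checks it against the two remediations given in the replies (SIP switched off entirely, or SIP ListenPort off with Outbound on). The `*c ` line prefix, the sample dump and the function names are assumptions made for this example.

```python
import re

# Constructed sample of xConfiguration output saved from the codec's SSH session.
# The "*c " prefix is an assumption about the dump format; the parser accepts
# lines with or without it.
SAMPLE_DUMP = """\
*c xConfiguration NetworkServices SIP Mode: On
*c xConfiguration SIP ListenPort: On
*c xConfiguration SIP Profile 1 Outbound: Off
** end
"""

LINE_RE = re.compile(
    r"^(?:\*c\s+)?xConfiguration\s+(?P<path>.+?):\s*(?P<value>.*)$", re.I)

def parse_xconfiguration(text):
    """Return {setting path: value}, both lower-cased for comparison."""
    settings = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            value = m.group("value").strip().strip('"').lower()
            settings[m.group("path").strip().lower()] = value
    return settings

def audit_sip_settings(text):
    """Return a list of findings; an empty list means one remediation is applied."""
    cfg = parse_xconfiguration(text)
    # Second reply: SIP disabled entirely on the endpoint.
    if cfg.get("networkservices sip mode") == "off":
        return []
    findings = []
    # First reply: both settings are required together. A missing key
    # (for example on software that lacks the setting) is reported, not ignored.
    if cfg.get("sip listenport") != "off":
        findings.append("SIP ListenPort is not Off")
    if cfg.get("sip profile 1 outbound") != "on":
        findings.append("SIP Profile 1 Outbound is not On")
    return findings

if __name__ == "__main__":
    for finding in audit_sip_settings(SAMPLE_DUMP):
        print("FINDING:", finding)
```
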