Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
683
Views
10
Helpful
3
Replies

VCSE - Strange call history

Peter Anders
Level 1
Level 1

‎09-02-2013 10:38 PM - edited ‎03-18-2019 01:44 AM

I have been looking through the call history of my Expressway and I am getting a lot of stange call entries similar to this ( See attachment)

Labels:
Preview file
29 KB
0 Helpful
3 Replies 3

Alok Jaiswal
Cisco Employee
Cisco Employee

‎09-02-2013 10:59 PM

Hi Peter,

This are the unwanted users trying to make mailicious call through the VCS-exp.

check page 40 of below document to restrict the calls.

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Control_with_Expressway_Deployment_Guide_X7-2.pdf

the example demonstrates call restriction to ISDN gateway but you can built addtional search rules to block this users.

also if you search the support forum you willl get cpl script which also can be used to block this users.

Rgds

Alok

Martin Koch
VIP Alumni
VIP Alumni
In response to Alok Jaiswal

‎09-03-2013 12:23 AM

Alok is definitely right and the deployment guide is what I would also have linked.

There are a some threads around that here in the forum, its worth searching/browsing for them.

Some additional thoughts. Most scans are done today by sip/udp. New VCS setups have that disabled

by default as its not used in most TelePresence/Videoconferencing setups, so it would most likely not

harm you anyhow.

If you do not have an exposed isdn gw these calls just fill up your log and if you have an endpoint

which listens to that address it might get annoying if that rings all the time.

(that also happens with reachable endpoints on public ips)

If you have an ISDN gateway you definitly need to check how to secure it as it can generate high

costs if someone finds a way to dial out to premium numbers or expensive international destinations.

Besides that, what can affect you is that they might end up in some kind of (wanted or not) denial of service (dos)

as it might fill up your mcu or that some loop or many call attempts eat up your call licenses.

You should check why you get a call loop. Thats often caused by matching any search rules in both

directions, additional rewrites by transforms/searchrules, ...

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

ma.romero
Level 2
Level 2

‎09-04-2013 05:54 AM

Hi Peter,

I agree with Alok and Martin.

You have to block call from Internet-->VCSe-->VCSc-->ISDN or another location which hasn't reached from Internet.

If you ISDN dail plan is dialing 0XX XXX XX XX for example, you have to configure a Search Rule in VCSe to block these calls. I mean, create the following rule:

Rule Name: "Block Call To ISDN"

Priority: "1 o 10" low is better to match in a first time

Source: "Named"

Source Name: "DefaultZone"

Mode: "Alias pattern match"

Pattern Type: "Regex"

Pattern String: "0\d+"

Pattern Behavior: "Replace"

Replace String: "Do-not-route-this-call"

On Successful Match: "Stop"

Target: "To Traversal Sever or VCSc"

You have to configure only the Alias that you want to reach from Internet.

regards.

0 Helpful
Customers Also Viewed These Support Documents