Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14084
Views
15
Helpful
4
Replies

Best practices for securing Expressway B2B traffic against in/out toll fraud

tripbrown
Level 4
Level 4

‎07-06-2017 10:37 AM - edited ‎03-19-2019 12:36 PM

Hi folks,

We have a cluster of Expressway C's and E's and are using them not only for MRA but also as our B2B agent for SIP.  We have on several occasions experienced toll fraud by people sending in SIP requests that are destined to international numbers.  Many times the source can be anything and the destination is any number@our.domain.

i.e Source= sip:1001@bogus_device.domain Destination= sip:International_number@our_SIP_domain .  In this example an unethical SIP client user is sending SIP call requests to our Expressway E, which in turn sends to our C, which then by design sends to our CUCM.  CUCM sees this and says "not mine" so it routes it as a SIP call out of our PSTN SBC.  Toll fraud complete.  :-(

I can stop it almost anywhere and at first I thought doing it at the Expressway E would be best.  But that means I need comprehensive Call Policy rules.  My thoughts are then to do it on CSS on the trunks from CUCM to Expressway C, but for inbound or outbound? As we do need for legitimate traffic to be able to go outbound.

I have a mixture of Local Call Policy, Search Rules, blacklist, and CUCM Calling Search Space as tools for toll fraud prevention but am curious as to best practices for where to apply these tools to traffic seeking to use our Expressways to hairpin back out of our PSTN gateways.  Blacklist is practically off the table as we want to be an openly federated domain.

Any advice, guides, or better still, generic rule configurations at which I could stare and compare?

My apologies if there are more appropriate Communities for this discussion.

Thanks!

3 people had this problem
4 Replies 4

skilambi
VIP Alumni
VIP Alumni

‎07-06-2017 06:14 PM

Not sure if you can get access to this deck but if you can starting from slide 73 it talks about the very same topic Best Practices for Business to Business Video Collaboration (2017 Las Vegas)

courtnash
Level 1
Level 1
In response to skilambi

‎11-20-2019 04:34 AM

Would you happen to have another link to the slides, the page cannot be found now. I'm currently having toll Fraud issues in my environment.

 

Thanks

0 Helpful

mickael.besse
Level 1
Level 1

‎05-06-2020 03:04 AM

Hi Triprown

 

Currently I have the same issue on our Expressway E with call fraud.

Do you have find any sollutions ?

 

Thank 

0 Helpful
Customers Also Viewed These Support Documents