12-29-2014 04:46 PM
Hello;
We are getting constant calls from what looks like an IP address that is trying to use our UC320W to dial out.
I don't think they are succeeding in calling out, but it is causing our phones to ring (shows call from '100').
It is connecting via port 5064 (I'm not sure how... Is this a port of special significance on the UC320W?). I would like to simply block this IP from connecting.
Here is a snippet from our syslogs. I have redacted our IP address, but left the offending IP in. It seems to be from a data center in London. It looks like they are trying to "phone home" to a number in Poland (+48 22 2087 080). They have tried every few seconds through the day with, prefixing the number with various dial-out patterns.
Dec 29 10:35:31 UC320W user.debug voice: INVITE sip:048222087280@12.34.56.78:5064 SIP/2.0
To: 048222087280<sip:048222087280@12.34.56.78>
From: 100<sip:100@12.34.56.78>;tag=2def0e5f
Via: SIP/2.0/UDP 88.150.252.232:5081;branch=z9hG4bK-ebfa656a197010513c29aed83735e7db;rport
Call-ID: ebfa656a197010513c29aed83735e7db
CSeq: 1 INVITE
Contact: <sip:100@88.150.252.232:5081>
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, BYE
User-Agent: sipcli/v1.8
Content-Type: application/sdp
Content-Length: 284
v=0
o=sipcli-Session 1159089971 634590076 IN IP4 88.150.252.232
s=sipcli
c=IN IP4 88.150.252.232
t=0 0
m=audio 5082 RTP/AVP 18 0 8 101
a=fmtp:101 0-15
a=rtpmap:18 G729/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=ptime:20
a=sendrecv
Dec 29 10:35:31 UC320W user.debug voice: SIP/2.0 100 Trying
To: 048222087280<sip:048222087280@12.34.56.78>
From: 100<sip:100@12.34.56.78>;tag=2def0e5f
Call-ID: ebfa656a197010513c29aed83735e7db
CSeq: 1 INVITE
Via: SIP/2.0/UDP 88.150.252.232:5081;branch=z9hG4bK-ebfa656a197010513c29aed83735e7db
Server: Cisco/UC320W-2.3.2(6)
Allow-Events: talk, hold, conference, x-spa-cti
Content-Length: 0
12-29-2014 08:55 PM
Hello prismpcinc,
The UC320W does not come with much in the way of security as the UC320W has very limited firewall functions that are non manageable. If you have a firewall in front of the UC320W you can deny it there so it can not reach the UC320W.
Regards,
Michael D.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide