
Block IP Address in UC320W

prismpcinc
Level 1

Hello;

 

We are getting constant calls from what looks like an IP address that is trying to use our UC320W to dial out.

I don't think they are succeeding in calling out, but it is causing our phones to ring (shows call from '100').

It is connecting via port 5064 (I'm not sure how... Is this a port of special significance on the UC320W?). I would like to simply block this IP from connecting.

Here is a snippet from our syslogs. I have redacted our IP address, but left the offending IP in. It seems to be from a data center in London. It looks like they are trying to "phone home" to a number in Poland (+48 22 2087 080). They have tried every few seconds through the day, prefixing the number with various dial-out patterns.

 

Dec 29 10:35:31 UC320W user.debug voice: INVITE sip:048222087280@12.34.56.78:5064 SIP/2.0
To: 048222087280<sip:048222087280@12.34.56.78>
From: 100<sip:100@12.34.56.78>;tag=2def0e5f
Via: SIP/2.0/UDP 88.150.252.232:5081;branch=z9hG4bK-ebfa656a197010513c29aed83735e7db;rport
Call-ID: ebfa656a197010513c29aed83735e7db
CSeq: 1 INVITE
Contact: <sip:100@88.150.252.232:5081>
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, BYE
User-Agent: sipcli/v1.8
Content-Type: application/sdp
Content-Length: 284

v=0
o=sipcli-Session 1159089971 634590076 IN IP4 88.150.252.232
s=sipcli
c=IN IP4 88.150.252.232
t=0 0
m=audio 5082 RTP/AVP 18 0 8 101
a=fmtp:101 0-15
a=rtpmap:18 G729/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=ptime:20
a=sendrecv

Dec 29 10:35:31 UC320W user.debug voice: SIP/2.0 100 Trying
To: 048222087280<sip:048222087280@12.34.56.78>
From: 100<sip:100@12.34.56.78>;tag=2def0e5f
Call-ID: ebfa656a197010513c29aed83735e7db
CSeq: 1 INVITE
Via: SIP/2.0/UDP 88.150.252.232:5081;branch=z9hG4bK-ebfa656a197010513c29aed83735e7db
Server: Cisco/UC320W-2.3.2(6)
Allow-Events: talk, hold, conference, x-spa-cti
Content-Length: 0


mdobiac
Level 3

Hello prismpcinc,

The UC320W does not come with much in the way of security, as the UC320W has very limited firewall functions that are non-manageable. If you have a firewall in front of the UC320W, you can deny it there so it cannot reach the UC320W.

Regards,

 

Michael D.
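
To build the deny list for the upstream firewall that the reply recommends, the offending sources can be pulled out of the UC320W syslog. The following is an added example, not part of either post and not Cisco code; it assumes the debug log format quoted in the question, and the function names, the `min_invites` threshold and the extra sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the question; 192.0.2.10 is a made-up peer.
SAMPLE_LOG = """\
Dec 29 10:35:31 UC320W user.debug voice: INVITE sip:048222087280@12.34.56.78:5064 SIP/2.0
Via: SIP/2.0/UDP 88.150.252.232:5081;branch=z9hG4bK-ebfa656a197010513c29aed83735e7db;rport
User-Agent: sipcli/v1.8

Dec 29 10:35:31 UC320W user.debug voice: SIP/2.0 100 Trying
Via: SIP/2.0/UDP 88.150.252.232:5081;branch=z9hG4bK-ebfa656a197010513c29aed83735e7db

Dec 29 10:35:36 UC320W user.debug voice: INVITE sip:9048222087280@12.34.56.78:5064 SIP/2.0
Via: SIP/2.0/UDP 88.150.252.232:5081;branch=z9hG4bK-constructed0002;rport
User-Agent: sipcli/v1.8

Dec 29 10:40:02 UC320W user.debug voice: INVITE sip:101@12.34.56.78:5064 SIP/2.0
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-constructed0003
"""

MSG_START = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\suser\.debug voice:\s(.*)$")
VIA_HOST = re.compile(r"^Via:\s*SIP/2\.0/\w+\s+([^\s:;]+)", re.I)
SCANNER_UA = re.compile(r"^User-Agent:.*sipcli", re.I)  # tool named in the quoted log

def split_messages(log_text):
    """Group syslog lines into SIP messages: [start line, following lines...]."""
    messages = []
    for line in log_text.splitlines():
        m = MSG_START.match(line)
        if m:
            messages.append([m.group(1)])
        elif messages:
            messages[-1].append(line)
    return messages

def suspicious_sources(log_text, min_invites=2):
    """Map Via source -> INVITE count for scanner user agents or repeat callers."""
    invites, scanners = Counter(), set()
    for start, *rest in split_messages(log_text):
        if not start.startswith("INVITE "):
            continue  # responses such as "100 Trying" are not counted
        end = next((i for i, l in enumerate(rest) if not l.strip()), len(rest))
        headers = rest[:end]  # the SDP body after the blank line is ignored
        via = next(filter(None, map(VIA_HOST.match, headers)), None)
        if via is None:
            continue
        invites[via.group(1)] += 1
        if any(SCANNER_UA.match(h) for h in headers):
            scanners.add(via.group(1))
    return {s: n for s, n in invites.items() if s in scanners or n >= min_invites}
```

The `Via` address is written by the sender, so confirm it against the packet source seen on the upstream firewall before adding a deny rule for it.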