[cisco-voip] Phone Fraud H.323

David Zhars dzhars at gmail.com
Mon Sep 12 08:55:34 EDT 2016 

IOS 12.4, which is odd, since some of the other ones are v15

Here's the dial peer stuff on the 2800 router: (masked IPs)

dial-peer voice 300 voip
 destination-pattern 1...
 voice-class codec 1
 session target ipv4:192.168.xx.yy
 dtmf-relay h245-alphanumeric
 fax-relay ecm disable
 fax rate disable
 no vad
!
dial-peer voice 301 voip
 destination-pattern 4...
 voice-class codec 1
 session target ipv4:192.168.xx.yy
 dtmf-relay h245-alphanumeric
 fax-relay ecm disable
 fax rate disable
 no vad

There are a couple others, but similar, just diff destination-pattern




On Sun, Sep 11, 2016 at 11:48 AM, Nick Britt <nickolasjbritt at gmail.com>
wrote:

> Hi David,
>
> Can I ask Which version of IOS you are using?
>
> Also could you post your incoming dial peer configuration or are you just
> using the default DP 0?
>
> Ive experienced a similar issue before (luckily I didn't configure this
> particular deployment)
>
> Before IOS 15 (I believe) direct in ward dial was not applied to the
> default dial peer. This allows people to call in on an unnnallocated number
> with in the DID range and receive a dial tone. (Check it out quite scary)
>
> The resolution was to apply the command direct in wars dial to all
> incoming dial peers.
>
> I will try and dig out the link from Cisco.
>
>
>
> On Sunday, 11 September 2016, David Zhars <dzhars at gmail.com> wrote:
>
>> So yesterday I was alerted by our landline company that some of our phone
>> numbers that come in POTS on an H323 router, we being used for phone
>> fraud.  I am wondering how this happens with an H323 router (I am familiar
>> with someone hacking Unity and setting up actions to route to Jamaica once
>> someone leaves a voicemail or similar).
>>
>> The odd part is that these numbers are almost NEVER used for calling out,
>> unless the user presses a 7 for an outbound line (versus an 8 which puts
>> the call out on ISDN).
>>
>> I found a link on how to disable OffNet calling in UCM, but should I
>> instead look at securing the H323 router?  Or does the call blocking rule
>> need to be done in UCM?
>>
>> Thanks for any enlightenment you can provide.
>>
>> PS- Client is in USA, call fraud to Jamaica which does not require a
>> country code, so harder to block.
>>
>
>
> --
> - Nick
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20160912/de745f18/attachment.html>

More information about the cisco-voip mailing list