[cisco-voip] Phone Fraud H.323

Nick Britt nickolasjbritt at gmail.com
Mon Sep 12 22:11:07 EDT 2016


Do a

Sh run all | sec dial-p

If you don't have any DP's in the config I would imagine you are OK.

On Monday, 12 September 2016, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:

>
> Here's a question:
>
> We're using PRIs w/ MGCP so I'm assuming we're not affected. However, we
> have SRST configured, which I believe uses H323.
>
> Could this affect us as well?
>
> Lelio
>
> Sent from my iPhone
>
> On Sep 11, 2016, at 8:46 PM, Lelio Fulgenzi <lelio at uoguelph.ca
> <javascript:_e(%7B%7D,'cvml','lelio at uoguelph.ca');>> wrote:
>
> +1 here. By default with (the older?) IOS if someone dialled a number
> associated with the line plugged into your router, you'd get dial tone and
> from there you could dial an number the dial plan allowed.
>
>
>
> Sent from my iPhone
>
> On Sep 11, 2016, at 11:49 AM, Nick Britt <nickolasjbritt at gmail.com
> <javascript:_e(%7B%7D,'cvml','nickolasjbritt at gmail.com');>> wrote:
>
> Hi David,
>
> Can I ask Which version of IOS you are using?
>
> Also could you post your incoming dial peer configuration or are you just
> using the default DP 0?
>
> Ive experienced a similar issue before (luckily I didn't configure this
> particular deployment)
>
> Before IOS 15 (I believe) direct in ward dial was not applied to the
> default dial peer. This allows people to call in on an unnnallocated number
> with in the DID range and receive a dial tone. (Check it out quite scary)
>
> The resolution was to apply the command direct in wars dial to all
> incoming dial peers.
>
> I will try and dig out the link from Cisco.
>
>
>
> On Sunday, 11 September 2016, David Zhars <dzhars at gmail.com
> <javascript:_e(%7B%7D,'cvml','dzhars at gmail.com');>> wrote:
>
>> So yesterday I was alerted by our landline company that some of our phone
>> numbers that come in POTS on an H323 router, we being used for phone
>> fraud.  I am wondering how this happens with an H323 router (I am familiar
>> with someone hacking Unity and setting up actions to route to Jamaica once
>> someone leaves a voicemail or similar).
>>
>> The odd part is that these numbers are almost NEVER used for calling out,
>> unless the user presses a 7 for an outbound line (versus an 8 which puts
>> the call out on ISDN).
>>
>> I found a link on how to disable OffNet calling in UCM, but should I
>> instead look at securing the H323 router?  Or does the call blocking rule
>> need to be done in UCM?
>>
>> Thanks for any enlightenment you can provide.
>>
>> PS- Client is in USA, call fraud to Jamaica which does not require a
>> country code, so harder to block.
>>
>
>
> --
> - Nick
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> <javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> <javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>

-- 
- Nick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20160912/fe956005/attachment.html>


More information about the cisco-voip mailing list