[cisco-voip] External call attempts to Expressway E

[Pawlowski, Adam]

All,

I know I'd asked here and elsewhere in the past regarding spam calls and call setup attempts, which seem to be part of the reality of being on the public internet. We see consistent call attempts from our own domain, as well as @google.com . More lately, I see them pop up with the from address of what appears to be another customer's Expressway E. Not many, but a few.

When I set up CPL on our appliances I had referred initially to this blog post:

https://ciscoshizzle.blogspot.com/2016/05/hardening-your-cisco-vcs-expressway.html

Expressway was new to me and the documentation was (is) not such that you could simply open it and understand how to set it all up end to end without going through the process as the tasks are sort of split between documents. I wanted to note that in this blog they mention that they don't make any attempt to block routing externally, such that you wouldn't necessarily care to block calls from the default zone back out across DNS because they weren't coming to your enterprise. I am assuming that it is possible to configure your search rules to allow this to happen.

I don't understand the point of this, other than perhaps you could attempt calls through known hosts in case they happened to have some sort of trust relationship running, or to try and skirt (or poison) blacklists.

Is anyone else seeing that type of call attempt? Do you think it's worth trying to reach out to groups that appear to be proxying these calls?

Best,

Adam Pawlowski
SUNYAB NCS

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190429/22fcf824/attachment.html>