<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=text/html;charset=iso-8859-1 http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18702"></HEAD>
<BODY style="PADDING-LEFT: 10px; PADDING-RIGHT: 10px; PADDING-TOP: 15px"
id=MailContainerBody leftMargin=0 topMargin=0 CanvasTabStop="true"
name="Compose message area">
<DIV><FONT color=#000080 face=Tahoma>Hello Group,</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma></FONT> </DIV>
<DIV><FONT color=#000080 face=Tahoma>Recently I faced a problem with one of my
client, who has got E1r2, DID/DOD.</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma>He has Cisco CME and Cisco Voice
Gateway.</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma>Suddenly all 30 ports got busy with
international calls. All the calls are being generated by ONE IP Phone which has
got local extension 2000.</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma>This extension was translated to DID
number, so that any call goes out via this number takes the DID and any call
comes on this DID will land on this Phone.</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma>The CME was configured to access via
outside with live IP. ie Live IP to Local IP (NAT).</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma>Now the thing here is all the calls which
were generated are international calls, we rebooted the gw, we rebooted the CME
it stayed same..once it reboots all 30 ports got busy with international
calls.</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma>calls going to african countries/russian
countries( dial codes belongs to these countries).</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma>When I changed the international dial peer
on the CME they stopped.</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma>But catch here is they have received more
than 100 k USD bill from TELCO. DEAD DEAD Bang Bang.</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma>What are the chances of toll Fraud or any
other way of hacking ?</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma>OR could it be TELCO side
issue?</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma>Cuz I see mostly calls are being generated
by single DID number ??</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma></FONT> </DIV>
<DIV><FONT color=#000080 face=Tahoma>Aali</FONT></DIV>
<DIV><FONT color=#000080 face=Tahoma></FONT> </DIV></BODY></HTML>