<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hopefully the CME doesn’t have any Internet accessability? It’s behind a firewall right?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net] <b>On Behalf Of </b>Jawad A Hai<br><b>Sent:</b> Saturday, January 15, 2011 1:21 PM<br><b>To:</b> cisco-voip@puck.nether.net<br><b>Subject:</b> [cisco-voip] E1 call Fraud + h.323 Gw<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>Hello Group,</span><o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>Recently I faced a problem with one of my client, who has got E1r2, DID/DOD.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>He has Cisco CME and Cisco Voice Gateway.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>Suddenly all 30 ports got busy with international calls. All the calls are being generated by ONE IP Phone which has got local extension 2000.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>This extension was translated to DID number, so that any call goes out via this number takes the DID and any call comes on this DID will land on this Phone.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>The CME was configured to access via outside with live IP. ie Live IP to Local IP (NAT).</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>Now the thing here is all the calls which were generated are international calls, we rebooted the gw, we rebooted the CME it stayed same..once it reboots all 30 ports got busy with international calls.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>calls going to african countries/russian countries( dial codes belongs to these countries).</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>When I changed the international dial peer on the CME they stopped.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>But catch here is they have received more than 100 k USD bill from TELCO. DEAD DEAD Bang Bang.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>What are the chances of toll Fraud or any other way of hacking ?</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>OR could it be TELCO side issue?</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>Cuz I see mostly calls are being generated by single DID number ??</span><o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:navy'>Aali</span><o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div></div></body></html>
<HTML><BODY><P><hr size=1></P>
<P><STRONG>
Disclaimer:
This e-mail communication and any attachments may contain confidential and privileged information and is for use by the designated addressee(s) named above only. If you are not the intended addressee, you are hereby notified that you have received this communication in error and that any use or reproduction of this email or its contents is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer. Thank you.
</STRONG></P></BODY></HTML>