RE: Protecting the CME from inboud voip calls

Two great fixes. I would rather have calls fail for a configuration reason
than have calls to Cuba or North Korea run up a bill with dial-peer 0
"helping" me.

-ryan

From: Nick Matthews [mailto:matthn_at_gmail.com]
Sent: Thursday, March 24, 2011 9:47 PM
To: George Goglidze
Cc: Ryan West; Adel Abushaev; Amin; ccielab_at_groupstudy.com
Subject: Re: Protecting the CME from inboud voip calls

CUBE, CME, it all runs on the same voice stack underneath.

Here's the feature described in a less-CME fashion if you're curious:
http://www.cisco.com/en/US/tech/tk652/tk90/technologies_tech_note09186a0080b3
e123.shtml

-nick
On Thu, Mar 24, 2011 at 6:45 PM, George Goglidze
<goglidze_at_gmail.com<mailto:goglidze_at_gmail.com>> wrote:
Hi Ryan,

Some new call fraud prevention features introduced with CUCME 8.5 are
described in CUCME Configuration Guide:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/guide
/cmetoll.html

Hope this helps,

On Thu, Mar 24, 2011 at 10:41 PM, Ryan West
<rwest_at_zyedge.com<mailto:rwest_at_zyedge.com>> wrote:
That was the CUBE enhancement for 8.5, right nick? Do you have a link for the
behavior change?

Sent from handheld

On Mar 24, 2011, at 6:18 PM, "Nick Matthews"
<matthn_at_gmail.com<mailto:matthn_at_gmail.com>> wrote:

> This is almost always SIP traffic. Block UDP and TCP port 5060 on your
> internet port and you won't have problems. While you're at it you should
> block TCP 1720 (H.323) as well, although it's a much less used toll fraud
> mechanism. They changed this behavior in 15.1(2)T where you won't accept
> incoming calls unless they are on a outgoing dial peer.
>
> -nick
>
> On Thu, Mar 24, 2011 at 4:47 PM, Adel Abushaev
<adel_at_netmasterclass.net<mailto:adel_at_netmasterclass.net>>wrote:
>
>> If u still want to have traffic (for what?) but block it in dialplan, why
>> don't u just configure corlists?
>>
>> -----Original Message-----
>> From: Amin
>> Sent: Thursday, March 24, 2011 20:11
>> To: 'George Goglidze'
>> Cc: ccielab_at_groupstudy.com<mailto:ccielab_at_groupstudy.com>
>> Subject: RE: Protecting the CME from inboud voip calls
>>
>> My CME is using FXO ports, i.e. I don't have DID, I am using PLAR, can't I
>> configure a dial-peer voice 20 voip using the incoming called-number .T,
>> then block the call.
>>
>>
>>
>>
>>
>> From: George Goglidze
[mailto:goglidze_at_gmail.com<mailto:goglidze_at_gmail.com>]
>> Sent: Thursday, March 24, 2011 9:40 AM
>> To: Amin
>> Cc: ccielab_at_groupstudy.com<mailto:ccielab_at_groupstudy.com>
>> Subject: Re: Protecting the CME from inboud voip calls
>>
>>
>>
>> Hi,
>>
>>
>>
>> You can use access-list for that purpose... and allow connections only
from
>> known hosts...
>>
>>
>>
>> Regards,
>>
>> On Fri, Mar 25, 2011 at 1:30 AM, Amin
<amin_at_axizo.com<mailto:amin_at_axizo.com>> wrote:
>>
>> Hi experts,
>>
>>
>>
>> How I can protect my CME from someone configuring a VOIP dial-peer
pointing
>> to my CME real IP, then my CME match inbound dial-peer 0 and route it
using
>> one of my outgoing dial-peer??
>>
>>
>>
>> Regards,
>>
>> Amin
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Mar 25 2011 - 02:01:50 ART