Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
34620
Views
23
Helpful
7
Replies

$6000 Phone bill from area code 881

Go to solution
ctd_77801
Level 1
Level 1

‎03-28-2011 02:36 PM - edited ‎03-16-2019 04:12 AM

We have a 2800 series router registered to an inhouse PBX.

The 2800 also has a public IP address so that in can establish a VPN tunnel to a remote site and their phones can register through the tunnel.

A couple of weeks ago we recieved a phone bill that showed numerous calls to an 881 area code, with the originating number being a phone on the PBX.

Phone bill.JPG

The bill shows 5 calls being originated from an internal number (347-578-xxxx)  to 5 identical numbers (The first 881 is the terminating number and the second 881 is the dialed digits column)  all at the same time!!!

What we believe happened is a PBX on the internet was searching for a SIP trunk and found our gateway, registered the gateway to their PBX, grabbed a number and started routing calls.

We are going to add a stricter access list on the 2800 and possibly add an ASA5505, but I would like some more insight into how this happened and if there is a better way to prevent it.

Thanks,

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎03-29-2011 08:16 AM

It happened because the person that made the installation was not a true professional and did not put any measure to prevent what a voice gateway is designed to do  - VoIP calls. So you became a victim of toll fraud, that is very common.

Note that "881" is not an US area code, but an international country code assigned to satellite communications, that together with aircrafts, are the most expensive type of destination in telephony.

 

So without getting into to many technical details, you may want to get a better system integrator or consultant to run your system.

View solution in original post

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to ctd_77801

‎05-21-2015 04:03 PM

Try "Cisco Unified Communications Manager Express System Administrator Guide".

Note: the low rating that you left above doesn't cancel the fact that you need to read, learn, and be more respectful.

View solution in original post

7 Replies 7

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎03-29-2011 08:16 AM

It happened because the person that made the installation was not a true professional and did not put any measure to prevent what a voice gateway is designed to do  - VoIP calls. So you became a victim of toll fraud, that is very common.

Note that "881" is not an US area code, but an international country code assigned to satellite communications, that together with aircrafts, are the most expensive type of destination in telephony.

 

So without getting into to many technical details, you may want to get a better system integrator or consultant to run your system.

Go to solution
ctd_77801
Level 1
Level 1
In response to paolo bevilacqua

‎03-29-2011 08:16 AM

I'm the system technician so short of firing myself, do you have any suggestions on how to prevent this?

Is it just a matter of writing a better access list on the gateway or is it something I need to change in the dial plans?

Are there any configs you can point me to?

I'm still unclear why the initiating number shows up as a phone on my pbx.

Was there another PBX on the internet that was able to register my gateway to it, or did they just register a phone?

Thanks,

0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to ctd_77801

‎05-21-2015 08:00 AM

As mentioned, all the details are in the product documentation. You will need to read it.

Go to solution
ctd_77801
Level 1
Level 1
In response to paolo bevilacqua

‎05-21-2015 08:19 AM

What documentation are you talking about?

Go to solution
kkoeper12
Level 3
Level 3
In response to ctd_77801

‎05-21-2015 08:44 AM

You need to add the IP addresses of your PBX and SIP provider to your config:

voice service voip
 ip address trusted list
  ipv4 10.1.1.1
  ipv4 10.2.1.1

You may need to upgrade your IOS to have access to this command depending on what version you are running.

 

 

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to ctd_77801

‎05-21-2015 04:03 PM

Try "Cisco Unified Communications Manager Express System Administrator Guide".

Note: the low rating that you left above doesn't cancel the fact that you need to read, learn, and be more respectful.

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni
In response to ctd_77801

‎05-21-2015 04:14 PM

the mistake that is made is that a voice router should do what its supposed to do: Voice, not VPN and voice. typically, the deployment scenario for this, is to put the router in a DMZ and let your FW do the security. Also applty proper authentication on a SIP level.

 

good luck

Please remember to rate useful posts, by clicking on the stars below.

Customers Also Viewed These Support Documents