-
×InformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.Windows 11 Support Center.
-
-
×InformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.Windows 11 Support Center.
-
- HP Community
- Poly Video Conferencing
- Meeting Room Solutions
- Getting repetitive dial-ins from a "Cisco" machine.

Create an account on the HP Community to personalize your profile and ask a question

10-29-2014 12:44 PM
Greetings,
We seem to be encountering a problem for a few days that is not only affecting our units but our client's units.
We are getting multiple calls from a "Cisco" machine in this format;
cisco@10.10.10.10 (The ip is just an example, as it changes each time).
Has anyone had this experience? And if so, how did you solve it?
Thanks in advance
Solved! Go to Solution.
Accepted Solutions
10-31-2014 12:41 PM
These aren't sip calls, they are H.323.calls. It is a toll fraud autodialer program that is searching for IP phones to make free long distance calls. When it hits an H.323 multipoint device it will try to do a dial out from that device. Every example I have seen so far has shown that the dial outs are destined to the UK (all the numbers start with 044 or 0044).
If you have a codec on the public Internet you should turn off auto-answer. If you have a codec on the public Internet you shouldn't have auto-answer on anyway.
If you have a VBP fronting your network you can set up a Drop on WAN prefix rule that will kill those connection. If you have an RPAD you could set up an ACL where you filter out H.323 IDs that contain "cisco".

10-29-2014 01:34 PM
Hi there,
This happened today with us (Sao Paulo - Brazil). When I got into our videoconference room I noticed that there were more than a hundred lost calls. I checked with the technician team and told me it happened on Monday also and they included some ip's into the black list but this is happening with many differente ip's always related to Cisco (see below).
Has anyone a reasonable explanation to this?
162.243.223.37
85.236.48.60
68.235.34.138
27.251.106.77
83.16.211.90
62.99.76.47
82.188.213.26
217.11.187.222
74.95.24.49
27.251.150.44
202.215.5.237
54.225.86.175
Regards,
Fabio


10-31-2014 02:01 AM
what VC components do you guys have in your VC infra.
are you guys using any Firewall traversal solution, what logic is says the dial string from which you guys geeting a call is basically support by cisco VC devices to get connect with particuular EP from internet.
Also please share software version of EP
BR
Yash Pal
10-31-2014 12:41 PM
These aren't sip calls, they are H.323.calls. It is a toll fraud autodialer program that is searching for IP phones to make free long distance calls. When it hits an H.323 multipoint device it will try to do a dial out from that device. Every example I have seen so far has shown that the dial outs are destined to the UK (all the numbers start with 044 or 0044).
If you have a codec on the public Internet you should turn off auto-answer. If you have a codec on the public Internet you shouldn't have auto-answer on anyway.
If you have a VBP fronting your network you can set up a Drop on WAN prefix rule that will kill those connection. If you have an RPAD you could set up an ACL where you filter out H.323 IDs that contain "cisco".
Didn't find what you were looking for? Ask the community