What happens?
- You get continuous calls from random IP addresses on your Video Conferencing Unit.
What is happening?
You're being scanned by someone looking to make free phone calls. These guys are getting to be very bothersome, they're now trying on both UDP and TCP via H.323.
If your IP is set to Public then at some point everyone could get into this issue.
What can be done?
- Deploy Video Border Proxy (VBP)
but it is very expensive at least for me.
http://www.polycom.com.au/products-services/realpresence-platform/universal-access-security/vbp-e-series.html
You could try:
Configure firewall to block all incoming IPs except for those you specify or allow to dial incoming into your network.
You have a VBP, you may be able to adjust settings there to block the calls (like on a Cisco VCS you can create a CPL script that can stop calls)
I'm not aware of a way on the endpoints to prevent these calls, because this is using H323 TCP, it's very hard to prevent them without breaking H323.
Other ways:
- Put the device to 'DO NOT DISTURB' mode.
This might help as the hackers might think that you have a firewall system.
- Shutdown the system.
This might be helpful but hackers might still put you in their wishlist.
- Disconnect the LAN while device is not in use.
This might be helpful but hackers might still put you in their wishlist.
If you have access to your ROUTER then:
Add below to ACL allowing only the necessary traffic.
- You get continuous calls from random IP addresses on your Video Conferencing Unit.
What is happening?
You're being scanned by someone looking to make free phone calls. These guys are getting to be very bothersome, they're now trying on both UDP and TCP via H.323.
If your IP is set to Public then at some point everyone could get into this issue.
What can be done?
- Deploy Video Border Proxy (VBP)
but it is very expensive at least for me.
http://www.polycom.com.au/products-services/realpresence-platform/universal-access-security/vbp-e-series.html
You could try:
Configure firewall to block all incoming IPs except for those you specify or allow to dial incoming into your network.
You have a VBP, you may be able to adjust settings there to block the calls (like on a Cisco VCS you can create a CPL script that can stop calls)
I'm not aware of a way on the endpoints to prevent these calls, because this is using H323 TCP, it's very hard to prevent them without breaking H323.
Other ways:
- Put the device to 'DO NOT DISTURB' mode.
This might help as the hackers might think that you have a firewall system.
- Shutdown the system.
This might be helpful but hackers might still put you in their wishlist.
- Disconnect the LAN while device is not in use.
This might be helpful but hackers might still put you in their wishlist.
If you have access to your ROUTER then:
Add below to ACL allowing only the necessary traffic.
permit
tcp any any eq 24
permit udp any any eq 24
permit tcp any any range 161 162
permit udp any any range snmp snmptrap
permit tcp any any eq cmd
permit udp any any eq syslog
permit udp any any eq 24
permit tcp any any range 161 162
permit udp any any range snmp snmptrap
permit tcp any any eq cmd
permit udp any any eq syslog
