×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

IP Office DDI no incoming call route ghost calls

IP Office DDI no incoming call route ghost calls

IP Office DDI no incoming call route ghost calls

(OP)
Hello,

We were alerted from the phone company that we had calls trying to dial random countries so they blocked it. In the system status I am seeing errors for the following line had no incoming call route for the call and then a random DDI, the current one has 18 digits. The phone company says they aren't seeing the traffic on their end coming in yet I am getting a ton of these errors. We have checked the server the software is running on and don't see anything on it. I have also changed all the passwords to log into the ip office. Has anyone seen anything like this before and know how to stop it. Any ideas are much appreciated!

RE: IP Office DDI no incoming call route ghost calls

Are these attempts to dial out or in from your Phone system?
What type of line? If SIP trunk, do you have a firewall in between or the IPO has a public IP?

RE: IP Office DDI no incoming call route ghost calls

your system is tried to hack by hacker for international calls to burden huge telco bills.change sip ports,use alphanumeric and special character passwords,
if not necessary block international calls on telco lines.Ask firewall team to configure blacklist IP,deny international calls on extensions during night hours as per your country time table.If any one want international calling try to force pin dialing.

RE: IP Office DDI no incoming call route ghost calls

Google ip office security. Avaya has several version dependent guide line docs.

Dermis and feline can be divorced by manifold methods.*
*(Disclaimer for all advise given)--'Version Dependent'

RE: IP Office DDI no incoming call route ghost calls

(OP)
It appears they are dialing from the inside. It's a trunk that comes in from the IPO and is converted to a PRI in the avaya. In the sys monitor it shows as the number being dialed but then it gets shut down. I'm trying to figure out what is doing the dialing so I can shut it down.

I'll look at the guide I found in terms of security. Thanks for the responses.

RE: IP Office DDI no incoming call route ghost calls

sysmon traces with ISDN L2 and L3 filters and short codes and some others on will tell the tale but then you need someone who can read the traces.

BTW IPO does not convert anything to PRI. Instead an IAD(Integrated Access Device) can take a SIP trunk from the provider and convert to mixed media for different uses by the premise. One thing it can convert a provider SIP line is to a PRI line which can then be connected to IPO.

RE: IP Office DDI no incoming call route ghost calls

(OP)
Yeah should of been clearer on that. The sip trunk comes off the IPO switch into an adtran device and then into the pri port on the avaya. I've changed all the passwords and have rebooted but still not sure what's going on. The unit itself doesn't have internet access. Below is what I see when a call is generated but don't have enough knowledge to know where exactly it is generating from. I'm think its time to get a phone vendor involved at this point.

22:52:51 1600570mS CMTARGET: ISDN BChannel 1: in-service check = 1
22:52:51 1600571mS CMLineRx: v=1
CMSetup
Line: type=Q931Line 1 Call: lid=1 id=7 in=1
Called[99999999999999999999] Type=Unknown (0) Reason=CMDRdirect SndComp Calling[] Type=Unknown Plan=Unknown Pres=Allowed (0)
BC: CMTC=Speech CMTM=Circuit CMTR=64 CMST=Default CMU1=ULaw
BChan: slot=0 chan=1
IE CMIESupplementaryService (3)
Interpretation APDU
rejectAnyUnrecognisedInvokePdu
CallingName.Invoke.CodePageUnknown
invokeId 1
user '' presentation Restricted
22:52:51 1600571mS PRN: Q931Trunk: Found QBChannel to match 0.1 --> 1.2
22:52:51 1600571mS CMCallEvt: 0000000000000000 0.1014.0 -1 BaseEP: NEW CMEndpoint f197573c TOTAL NOW=1 CALL_LIST=0
22:52:51 1600571mS CMTARGET: ISDN BChannel 1: in-service check = 1
22:52:51 1600572mS CMTARGET: ISDN BChannel 1: in-service check = 1
22:52:51 1600572mS CMCallEvt: CREATE CALL:7 (f19750c4)
22:52:51 1600572mS CMCallEvt: 0000000000000000 0.1015.0 -1 BaseEP: NEW CMEndpoint f19737b8 TOTAL NOW=2 CALL_LIST=0
22:52:51 1600574mS CD: CALL: 1.7.1 BState=Idle Cut=1 Music=0.0 Aend="Line 1" (1.2) Bend="" [] (0.0) CalledNum=99999999999999999999 () CallingNum= () Internal=0 Time=2 AState=Idle
22:52:51 1600574mS CD2: CALL:S 1.7.1,0.1015.0,0,0,1,0,0,0,Line 1,,,1.2,0.0,100.0,99999999999999999999,0.0,,,,100,,100,,0,16,0,1,0.0,,,,,,,0,2,0,0,0,0,,,0,,0,0,0,0,,7,0,0,,0,,3,0,0,0,0,0,0,1,618,1,,,,,,,,,,,,,,,
22:52:51 1600574mS CMCallEvt: 0a1e141e00000007 1.7.1 7 Q931 Trunk:1 CHAN=1: StateChange: END=A CMCSIdle->CMCSDialInitiated
22:52:51 1600575mS CMTARGET: 0a1e141e00000007 1.7.1 7 Q931 Trunk:1 CHAN=1: LOOKUP CALL ROUTE: GID=0 type=0 called_party=99999999999999999999 sub= calling= calling_sub= dir=in complete=1 ses=0
22:52:51 1600576mS CMLOGGING: CALL:2020/07/1422:52,00:00:00,000,,I,99999999999999999999,99999999999999999999,,,,0,,"",0,n/a
22:52:51 1600576mS CD: CALL: 1.7.1 BState=Idle Cut=0 Music=0.0 Aend="Line 1" (1.2) Bend="" [] (0.0) CalledNum=99999999999999999999 () CallingNum= () Internal=0 Time=4 AState=Dialling
22:52:51 1600577mS CD2: CALL:S 1.7.1,0.1015.0,7,0,0,0,0,0,Line 1,,,1.2,0.0,100.0,,0.0,,,,0,,100,,0,16,0,1,0.0,,,,,,,0,4,0,0,0,0,,,0,,0,0,0,0,,7,0,0,,0,,3,0,0,0,0,0,0,1,618,1,,,,,,,,,,,,,,,
22:52:51 1600577mS CD: CALL: 1.7.1 Deleted
22:52:51 1600577mS CMLineTx: v=1
CMReleaseComp
Line: type=Q931Line 1 Call: lid=1 id=7 in=1
Cause=1, Unallocated (unassigned) number
22:52:51 1600577mS CMCallEvt: 0a1e141e00000007 1.7.1 -1 Q931 Trunk:1 CHAN=1: StateChange: END=X CMCSDialInitiated->CMCSDelete
22:52:51 1600577mS CMCallEvt: 0000000000000000 0.1015.0 -1 BaseEP: DELETE CMEndpoint f19737b8 TOTAL NOW=1 CALL_LIST=0
22:52:51 1600577mS CMCallEvt: END CALL:7 (f19750c4)
22:52:51 1600578mS CMTARGET: ISDN BChannel 1: in-service check = 1
22:52:51 1600578mS CMTARGET: ISDN BChannel 1: in-service check = 1
22:52:51 1600578mS CD2: CALL:D 1.7.1,0.1015.0,7,,,,,,,,,,,,,,,,0,0,,0,,3,0,0,0,0,0,0,1,618,1
22:52:51 1600579mS CMTARGET: 0a1e141e00000007 1.7.1 -1 BaseEP: ~CMTargetHandler f196d5e0 ep f197573c
22:52:51 1600579mS CMCallEvt: 0a1e141e00000007 1.7.1 -1 BaseEP: DELETE CMEndpoint f197573c TOTAL NOW=0 CALL_LIST=0

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close