1 Reply Latest reply on Dec 13, 2019 12:34 PM by jayh

    Trunk Calls from Adtran TA 908

    cwqwest New Member

      Hello,

       

      I have a customer that is reporting errant calls from the trunk side of their phone system, and an Adtran 908 2nd Gen is being used as their SIP to PRI. I don't see anything from the Adtran side that would suggest there has been any compromise or any logs of calls from the Adtran side. Can someone take a look at this config and see if there is anything unusual or would suggest a compromise? Thank you!

       

      !

      !

      !

      !

      hostname "Host"

      enable password ------

      !

      !

      ip subnet-zero

      ip classless

      ip routing

      !

      !

      ip domain-name "Domain"

      ip domain-proxy

      ip name-server 8.8.8.8

      !

      !

      no auto-config

      !

      event-history on

      no logging forwarding

      no logging email

      !

      no service password-encryption

      !

      username "user" password "------"

      !

      !

      !

      no ip firewall alg msn

      no ip firewall alg h323

      !

      !

      !

      !

      !

      no dot11ap access-point-control

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      interface eth 0/1

        ip address  -.-.-.-  -.-.-.-

        media-gateway ip primary

        no shutdown

      !

      !

      !

      !

      interface t1 0/1

        description Not used

        tdm-group 1 timeslots 1-24 speed 64

        shutdown

      !

      interface t1 0/2

        description PRI Port

        tdm-group 1 timeslots 1-24 speed 64

        no shutdown

      !

      !

      interface pri 1

        connect t1 0/2 tdm-group 1

        role network b-channel-restarts disable

        no shutdown

      !

      !

      interface fxs 0/1

        no shutdown

      !

      interface fxs 0/2

        no shutdown

      !

      interface fxs 0/3

        no shutdown

      !

      interface fxs 0/4

        no shutdown

      !

      interface fxs 0/5

        no shutdown

      !

      interface fxs 0/6

        no shutdown

      !

      interface fxs 0/7

        no shutdown

      !

      interface fxs 0/8

        no shutdown

      !

      !

      isdn-group 1

        connect pri 1

      !

      !

      !

      !

      !

      !

      !

      !

      !

      ip route 0.0.0.0 0.0.0.0 -.-.-.-

      !

      no ip tftp server

      no ip tftp server overwrite

      ip http server

      no ip http secure-server

      no ip snmp agent

      no ip ftp server

      no ip scp server

      no ip sntp server

      !

      !

      !

      !

      !

      !

      !

      !

      voice feature-mode network

      voice forward-mode network

      !

      !

      !

      !

      !

      voice dial-plan 1 local NXX-NXX-XXXX

      !

      !

      !

      !

      !

      voice codec-list trunk

        codec g711ulaw

        codec g729

      !

      !

      voice trunk T01 type sip

        description "Provider"

        sip-server primary (server)

        authentication username "user" password "------"

        sip-keep-alive options 120

        register user auth-name "user" password "------"

        trust-domain

        codec-group trunk

      !

      voice trunk T02 type isdn

        resource-selection circular descending

        connect isdn-group 1

        modem-passthrough

        t38

        rtp delay-mode adaptive

      !

      !

      voice grouped-trunk SIP

        no description

        trunk T01

        accept $ cost 0

        accept NXX-NXX-XXXX cost 0

        accept 1-NXX-NXX-XXXX cost 0

        accept 1-800-NXX-XXXX cost 0

        accept 1-888-NXX-XXXX cost 0

        accept 1-877-NXX-XXXX cost 0

        accept 1-866-NXX-XXXX cost 0

        accept 1-855-NXX-XXXX cost 0

        accept 911 cost 0

        accept 10-10-XXX-$ cost 0

        accept 411 cost 0

        accept 611 cost 0

        reject 011-$

        reject X-011-$

        reject XX-011-$

        reject XXX-011-$

        reject NXX-976-XXXX

        reject 1-900-NXX-XXXX

        reject 1-976-NXX-XXXX

      !

      !

      voice grouped-trunk PRI

        description "** Connect calls to - from PRI **"

        trunk T02

        accept $ cost 10

        accept NXX-NXX-XXXX cost 0

        accept 1-NXX-NXX-XXXX cost 0

        accept 1-800-NXX-XXXX cost 0

        accept 1-888-NXX-XXXX cost 0

        accept 1-877-NXX-XXXX cost 0

        accept 1-866-NXX-XXXX cost 0

        accept 1-855-NXX-XXXX cost 0

        accept 411 cost 0

        accept 611 cost 0

        accept 911 cost 0

        accept 10-10-XXX-$ cost 0

        reject NXX-976-XXXX

        reject 1-900-NXX-XXXX

        reject 1-976-NXX-XXXX

        reject 011-$

        reject X-011-$

        reject XX-011-$

        reject XXX-011-$

      !

      !

      !

      !

      !

      !

      ip sip

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      line con 0

        login

      !

      line telnet 0 4

        login

        password ------

        no shutdown

      line ssh 0 4

        login local-userlist

        no shutdown

      !

      !

      end

        • Re: Trunk Calls from Adtran TA 908
          jayh Hall_of_Fame

          Are the errant calls typically to/from numbers like 100, 1000, 1234, etc.? Could be SIP Vicious or friendly-scanner.

           

          Create an IP access list containing the address(es) of your SIP provider. Apply it to the SIP process. For example:

           

          ip access-list standard sip-access

          permit x.x.x.x y.y.y.y ! (IP address of your SIP provider listed as sip-server primary)

           

          Apply that list to the SIP services on the device.

           

          ip sip access-class sip-access in

           

          Also, I'd clean up the voice grouped-trunk PRI to only include the numbers or ranges that are valid users of the PBX. For example, if it accepts 311-555-23XX modify as follows:

           

          voice grouped-trunk PRI

            description "** Connect calls to - from PRI **"

            trunk T02

            accept 311-555-23XX cost 0