cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable

Trunk Calls from Adtran TA 908

Hello,

I have a customer that is reporting errant calls from the trunk side of their phone system, and an Adtran 908 2nd Gen is being used as their SIP to PRI. I don't see anything from the Adtran side that would suggest there has been any compromise or any logs of calls from the Adtran side. Can someone take a look at this config and see if there is anything unusual or would suggest a compromise? Thank you!

!

!

!

!

hostname "Host"

enable password ------

!

!

ip subnet-zero

ip classless

ip routing

!

!

ip domain-name "Domain"

ip domain-proxy

ip name-server 8.8.8.8

!

!

no auto-config

!

event-history on

no logging forwarding

no logging email

!

no service password-encryption

!

username "user" password "------"

!

!

!

no ip firewall alg msn

no ip firewall alg h323

!

!

!

!

!

no dot11ap access-point-control

!

!

!

!

!

!

!

!

!

!

!

!

interface eth 0/1

  ip address  -.-.-.-  -.-.-.-

  media-gateway ip primary

  no shutdown

!

!

!

!

interface t1 0/1

  description Not used

  tdm-group 1 timeslots 1-24 speed 64

  shutdown

!

interface t1 0/2

  description PRI Port

  tdm-group 1 timeslots 1-24 speed 64

  no shutdown

!

!

interface pri 1

  connect t1 0/2 tdm-group 1

  role network b-channel-restarts disable

  no shutdown

!

!

interface fxs 0/1

  no shutdown

!

interface fxs 0/2

  no shutdown

!

interface fxs 0/3

  no shutdown

!

interface fxs 0/4

  no shutdown

!

interface fxs 0/5

  no shutdown

!

interface fxs 0/6

  no shutdown

!

interface fxs 0/7

  no shutdown

!

interface fxs 0/8

  no shutdown

!

!

isdn-group 1

  connect pri 1

!

!

!

!

!

!

!

!

!

ip route 0.0.0.0 0.0.0.0 -.-.-.-

!

no ip tftp server

no ip tftp server overwrite

ip http server

no ip http secure-server

no ip snmp agent

no ip ftp server

no ip scp server

no ip sntp server

!

!

!

!

!

!

!

!

voice feature-mode network

voice forward-mode network

!

!

!

!

!

voice dial-plan 1 local NXX-NXX-XXXX

!

!

!

!

!

voice codec-list trunk

  codec g711ulaw

  codec g729

!

!

voice trunk T01 type sip

  description "Provider"

  sip-server primary (server)

  authentication username "user" password "------"

  sip-keep-alive options 120

  register user auth-name "user" password "------"

  trust-domain

  codec-group trunk

!

voice trunk T02 type isdn

  resource-selection circular descending

  connect isdn-group 1

  modem-passthrough

  t38

  rtp delay-mode adaptive

!

!

voice grouped-trunk SIP

  no description

  trunk T01

  accept $ cost 0

  accept NXX-NXX-XXXX cost 0

  accept 1-NXX-NXX-XXXX cost 0

  accept 1-800-NXX-XXXX cost 0

  accept 1-888-NXX-XXXX cost 0

  accept 1-877-NXX-XXXX cost 0

  accept 1-866-NXX-XXXX cost 0

  accept 1-855-NXX-XXXX cost 0

  accept 911 cost 0

  accept 10-10-XXX-$ cost 0

  accept 411 cost 0

  accept 611 cost 0

  reject 011-$

  reject X-011-$

  reject XX-011-$

  reject XXX-011-$

  reject NXX-976-XXXX

  reject 1-900-NXX-XXXX

  reject 1-976-NXX-XXXX

!

!

voice grouped-trunk PRI

  description "** Connect calls to - from PRI **"

  trunk T02

  accept $ cost 10

  accept NXX-NXX-XXXX cost 0

  accept 1-NXX-NXX-XXXX cost 0

  accept 1-800-NXX-XXXX cost 0

  accept 1-888-NXX-XXXX cost 0

  accept 1-877-NXX-XXXX cost 0

  accept 1-866-NXX-XXXX cost 0

  accept 1-855-NXX-XXXX cost 0

  accept 411 cost 0

  accept 611 cost 0

  accept 911 cost 0

  accept 10-10-XXX-$ cost 0

  reject NXX-976-XXXX

  reject 1-900-NXX-XXXX

  reject 1-976-NXX-XXXX

  reject 011-$

  reject X-011-$

  reject XX-011-$

  reject XXX-011-$

!

!

!

!

!

!

ip sip

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

line con 0

  login

!

line telnet 0 4

  login

  password ------

  no shutdown

line ssh 0 4

  login local-userlist

  no shutdown

!

!

end

Labels (3)
0 Kudos
1 Reply
jayh
Honored Contributor
Honored Contributor

Re: Trunk Calls from Adtran TA 908

Are the errant calls typically to/from numbers like 100, 1000, 1234, etc.? Could be SIP Vicious or friendly-scanner.

Create an IP access list containing the address(es) of your SIP provider. Apply it to the SIP process. For example:

ip access-list standard sip-access

permit x.x.x.x y.y.y.y ! (IP address of your SIP provider listed as sip-server primary)

Apply that list to the SIP services on the device.

ip sip access-class sip-access in

Also, I'd clean up the voice grouped-trunk PRI to only include the numbers or ranges that are valid users of the PBX. For example, if it accepts 311-555-23XX modify as follows:

voice grouped-trunk PRI

  description "** Connect calls to - from PRI **"

  trunk T02

  accept 311-555-23XX cost 0