H.323 Cisco Spam Calls blocking

L0 Member

H.323 Cisco Spam Calls blocking

Hi,

 

I am trying find out if anyone has successfully (without the creation of a blacklist) blocked these spam calls. I opened a support ticket with Palo Alto and they suggested that I reach out to this board for help.

 

We are constantly getting our conference systems coming off sleep mode to respond to the calls.

 

There are few articles floading around the web in regards to this issues like the link below

 

http://www.videonationsltd.co.uk/2015/04/h-323-cisco-spam-calls/

 

I am sure this issue can be mitigated by a custom profile or signature.

 

Attached is a PCAP output from one of the packets. I am guessing if a custom signature can match a pattern in the PCAP output, we can block these annoying calls.

L1 Bithead

Re: H.323 Cisco Spam Calls blocking

Hello mkhavari,

 

I'm seeking a similar solution, but it seems a difficult thing to do. Here's my thread trying to filter on h323/h225 fields.

 

https://live.paloaltonetworks.com/t5/Custom-Signatures/h323-message-body-values/m-p/68702#U68702

 

Good luck!

 

Thanks,

Will

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!