10-02-2015 03:19 PM
Hi,
I am trying find out if anyone has successfully (without the creation of a blacklist) blocked these spam calls. I opened a support ticket with Palo Alto and they suggested that I reach out to this board for help.
We are constantly getting our conference systems coming off sleep mode to respond to the calls.
There are few articles floading around the web in regards to this issues like the link below
http://www.videonationsltd.co.uk/2015/04/h-323-cisco-spam-calls/
I am sure this issue can be mitigated by a custom profile or signature.
Attached is a PCAP output from one of the packets. I am guessing if a custom signature can match a pattern in the PCAP output, we can block these annoying calls.
11-26-2015 10:18 AM
Hello mkhavari,
I'm seeking a similar solution, but it seems a difficult thing to do. Here's my thread trying to filter on h323/h225 fields.
https://live.paloaltonetworks.com/t5/Custom-Signatures/h323-message-body-values/m-p/68702#U68702
Good luck!
Thanks,
Will
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
