Re: [cisco-voip] Cisco Jabber, UDS, High CPU

2018-04-16 Thread ROZA, Ariel 
Hi, Ryan.

CUCM/Presence  is 11.5 SU2. If those messages appear in the default log level, 
I haven´t seen any.
And I am not sure the bug applies, as I havn´t been told of any general 
degradation, besides the 20-min CPU spike.
As a fix/workaround I asked my customer to add multiple SRV records for 
cisco-uds. (they have only one, pointing to the affected subscriber).
The internal Jabber clients use EDI, but all the cucm-uds calls come from the 
Expressway and MRA Jabber clients.

Regards,

Ariel.

De: Ryan Ratliff (rratliff) [mailto:rratl...@cisco.com]
Enviado el: lunes, 16 de abril de 2018 01:26 p.m.
Para: ROZA, Ariel 
CC: cisco-voip list 
Asunto: Re: [cisco-voip] Cisco Jabber, UDS, High CPU

What version of UCM are you on? If it’s 11.5 SU3 check informix ccm.log for 
something like this:
23:13:59 SCHAPI: last statement aus_refresh_stats(integer,integer)
23:13:59 SCHAPI: [Auto Update Statistics Refresh 43-2] Error -217 Column 
(aus_cmd_dbs_priority) not found in any table in the query (or SLV is 
undefined).

This is CSCva78144.

I ask because I’m pretty sure one of those last two numbers is the time taken 
to process the request, and neither of those are a good number.

-Ryan

On Apr 13, 2018, at 2:22 PM, ROZA, Ariel 
> wrote:

Hi, guys and gals.

I am trying to troubleshoot a High CPU Alarm on a CUCM Subscriber:

I ran the “utils diagnose test” command and got warnings on the tomcat_sessions 
module. gathered all the  tomcats logs around the time of the event and found 
lots of  GET /cucm-uds/users HTTP/1.1 200 1383 1611 queries.

In the Bug Search tool I found several bugs for old jabber versions regarding 
this, one enhancement request but no fixes.

I was wondering if it is possible to load balance the UDS queries around the 
cluster using several DNS SRV records for _cisco-uds._tcp with the same 
priority /weight to load balance the queries, or if this breaks functionality, 
somehow. The only examples I found are ones with different weight/priority.

Regards,

Ariel Roza
Collaboration Support Engineer
t: +54 11 5282-0458
c: +54 9 11 5017-4417 webex: 
http://logicalis-la.webex.com/join/ariel.roza
Av. Belgrano 955 – Piso 20 – CABA – Argentina – C1092AAJ
www.la.logicalis.com
_
Business and technology working as one





 

 


Logicalis Argentina S.A. solo puede ser obligado por sus representantes legales 
conforme los límites establecidos en el acto constitutivo y la legislación en 
vigor.
El contenido del presente correo electrónico e inclusive sus anexos contienen 
información confidencial.
El mismo no puede ser divulgado y/o utilizado por cualquiera otro distinto al 
destinatario, ni puede ser copiado de cualquier forma.

___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] Robo Call DoS

2018-04-16 Thread Ryan Huff 
Is it the same CALLED number? While this is service impacting, if the customer 
can live without the number for a few hours here is what has worked for me ...

Take the number and run it to an IVR (Unity Connections or UCCX are common 
Cisco options). The IVR simply plays the SIT (special information tone) for a 
busy circuit which can be downloaded here: http://www.yourhomenow.com/sit.html 
and dumps the call.

True robo dialer bots are autonomous and usually listen for SIT; when they hear 
“circuit busy” (the three bings of death that play at a particular frequency) 
they usually blacklist the called number on their index so they don’t keep 
burning cycles and are more effective for the bot owner.

I’ve also used a 30 second sample of Rick Astley’s, “Never gonna give you up” 
in place of SIT, when I feel like “Rick Rolling” the bot  a little way to 
vent frustration on a bot :). Rick rolling isn’t something you can usually do 
with customer facing numbers though :(; circuit busy SIT is easier to explain 
away.

You can try legal and carrier options but generally you just want it to stop in 
the quickest way possible and this has done it for me several times before.

Thanks,

Ryan

On Apr 16, 2018, at 11:42, Bill Talley 
> wrote:

I’m sure you’ve already considered this, but I wonder, with everything being 
back-hauled over IP these days, if their telco would be able to identify the 
IXC who is handing off the call to them, based on the logs for the original 
calling party number they blocked, and blacklist that address.  Sure that 
sounds extreme (voice is more critical them SMTP), but you’re also talking 
about criminal activity.


Sent from an iOS device with very tiny touchscreen input keys.  Please excude 
my typtos.

On Apr 16, 2018, at 10:23 AM, Anthony Holloway 
> wrote:

Technically or legally?

How does one stop a DoS attack on a network?  Or on anything for that matter?  
Say you were attending a protest, and someone is blowing an air horn in your 
ear?  What can you do?

Technically, you could front end the whole thing with a captcha style gate, so 
you could ask to push a single button, button combination, or solve a simple 
addition problem resulting in two digits.  granted, just like on the web, a 
captcha is burdensome to the user, but generally, it's preferable over the site 
being down, or disrupted.

CUC and UCCX both could handle this task, though it would be easier in UCCX.

On Mon, Apr 16, 2018 at 9:49 AM Matthew Loraditch 
> 
wrote:
So this is a curiosity question, we had a prospective client call us who is 
essentially getting robocalled to oblivion. Some scammer has robo dialers setup 
and is flooding all of their trunks. He got a ransom, stopped and then started 
again. He was originally using one number and then when the telco blocked that 
switching to random sources.
Are there are any legitimate defenses to this sort of thing?

Matthew Loraditch​
Sr. Network Engineer

p: 443.541.1518


w: www.heliontechnologies.com|  
e: mloradi...@heliontechnologies.com

[cid:image164818.png@93BA584B.3B5FAD34]

[Facebook]

[Twitter]

[LinkedIn]





___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] Cisco Jabber, UDS, High CPU

2018-04-16 Thread Ryan Ratliff (rratliff) 
What version of UCM are you on? If it’s 11.5 SU3 check informix ccm.log for 
something like this:
23:13:59 SCHAPI: last statement aus_refresh_stats(integer,integer)
23:13:59 SCHAPI: [Auto Update Statistics Refresh 43-2] Error -217 Column 
(aus_cmd_dbs_priority) not found in any table in the query (or SLV is 
undefined).

This is CSCva78144.

I ask because I’m pretty sure one of those last two numbers is the time taken 
to process the request, and neither of those are a good number.

-Ryan

On Apr 13, 2018, at 2:22 PM, ROZA, Ariel 
> wrote:

Hi, guys and gals.

I am trying to troubleshoot a High CPU Alarm on a CUCM Subscriber:

I ran the “utils diagnose test” command and got warnings on the tomcat_sessions 
module. gathered all the  tomcats logs around the time of the event and found 
lots of  GET /cucm-uds/users HTTP/1.1 200 1383 1611 queries.

In the Bug Search tool I found several bugs for old jabber versions regarding 
this, one enhancement request but no fixes.

I was wondering if it is possible to load balance the UDS queries around the 
cluster using several DNS SRV records for _cisco-uds._tcp with the same 
priority /weight to load balance the queries, or if this breaks functionality, 
somehow. The only examples I found are ones with different weight/priority.

Regards,

Ariel Roza
Collaboration Support Engineer
t: +54 11 5282-0458
c: +54 9 11 5017-4417 webex: http://logicalis-la.webex.com/join/ariel.roza
Av. Belgrano 955 – Piso 20 – CABA – Argentina – C1092AAJ
www.la.logicalis.com
_
Business and technology working as one




 
 


Logicalis Argentina S.A. solo puede ser obligado por sus representantes legales 
conforme los límites establecidos en el acto constitutivo y la legislación en 
vigor.
El contenido del presente correo electrónico e inclusive sus anexos contienen 
información confidencial.
El mismo no puede ser divulgado y/o utilizado por cualquiera otro distinto al 
destinatario, ni puede ser copiado de cualquier forma.

___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] Robo Call DoS

2018-04-16 Thread Bill Talley 
I’m sure you’ve already considered this, but I wonder, with everything being 
back-hauled over IP these days, if their telco would be able to identify the 
IXC who is handing off the call to them, based on the logs for the original 
calling party number they blocked, and blacklist that address.  Sure that 
sounds extreme (voice is more critical them SMTP), but you’re also talking 
about criminal activity.

Sent from an iOS device with very tiny touchscreen input keys.  Please excude 
my typtos.

> On Apr 16, 2018, at 10:23 AM, Anthony Holloway 
>  wrote:
> 
> Technically or legally?
> 
> How does one stop a DoS attack on a network?  Or on anything for that matter? 
>  Say you were attending a protest, and someone is blowing an air horn in your 
> ear?  What can you do?
> 
> Technically, you could front end the whole thing with a captcha style gate, 
> so you could ask to push a single button, button combination, or solve a 
> simple addition problem resulting in two digits.  granted, just like on the 
> web, a captcha is burdensome to the user, but generally, it's preferable over 
> the site being down, or disrupted.
> 
> CUC and UCCX both could handle this task, though it would be easier in UCCX.
> 
>> On Mon, Apr 16, 2018 at 9:49 AM Matthew Loraditch 
>>  wrote:
>> So this is a curiosity question, we had a prospective client call us who is 
>> essentially getting robocalled to oblivion. Some scammer has robo dialers 
>> setup and is flooding all of their trunks. He got a ransom, stopped and then 
>> started again. He was originally using one number and then when the telco 
>> blocked that switching to random sources.
>> 
>> Are there are any legitimate defenses to this sort of thing?
>> 
>>  
>> Matthew Loraditch​
>> Sr. Network Engineer
>> p: 443.541.1518
>> w: www.heliontechnologies.com |  e: 
>> mloradi...@heliontechnologies.com
>> 
>> 
>> 
>> 
>> ___
>> cisco-voip mailing list
>> cisco-voip@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] Robo Call DoS

2018-04-16 Thread sweeper1 
There is a product that does exactly this.
SecureLogix.  They use the acronym TDOS
(Telephony denial of service)
It also provides other benefits but TDOS attacks are the only reason I have
sold it in the past.

Steve Brickhouse

On Mon, Apr 16, 2018 at 9:49 AM Matthew Loraditch <
mloradi...@heliontechnologies.com> wrote:

> So this is a curiosity question, we had a prospective client call us who
> is essentially getting robocalled to oblivion. Some scammer has robo
> dialers setup and is flooding all of their trunks. He got a ransom, stopped
> and then started again. He was originally using one number and then when
> the telco blocked that switching to random sources.
>
> Are there are any legitimate defenses to this sort of thing?
>
> Matthew Loraditch​
> Sr. Network Engineer
> p: *443.541.1518* <443.541.1518>
> w: *www.heliontechnologies.com*   |
> e: *mloradi...@heliontechnologies.com* 
> [image: Facebook] 
> [image: Twitter] 
> [image: LinkedIn] 
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] Robo Call DoS

2018-04-16 Thread Matthew Loraditch 
Technically. For a network there is gear that can do it. Radware among one of 
them and the one we use via our carrier and it works. An effective defense has 
to have a larger pipe somewhere with mitigation services at a capacity well 
above your capacity.

I don’t think the CAPTCHA would work, the person just calls and calls tying up 
the available trunks. You’d need the CAPTCHA to be on the attacker’s end. Based 
on the description I got they aren’t caring about an answer they are 
essentially just trying to keep the lines always busy.


Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com
From: Anthony Holloway 
Sent: Monday, April 16, 2018 11:23 AM
To: Matthew Loraditch 
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] Robo Call DoS

Technically or legally?

How does one stop a DoS attack on a network?  Or on anything for that matter?  
Say you were attending a protest, and someone is blowing an air horn in your 
ear?  What can you do?

Technically, you could front end the whole thing with a captcha style gate, so 
you could ask to push a single button, button combination, or solve a simple 
addition problem resulting in two digits.  granted, just like on the web, a 
captcha is burdensome to the user, but generally, it's preferable over the site 
being down, or disrupted.

CUC and UCCX both could handle this task, though it would be easier in UCCX.

On Mon, Apr 16, 2018 at 9:49 AM Matthew Loraditch 
> 
wrote:
So this is a curiosity question, we had a prospective client call us who is 
essentially getting robocalled to oblivion. Some scammer has robo dialers setup 
and is flooding all of their trunks. He got a ransom, stopped and then started 
again. He was originally using one number and then when the telco blocked that 
switching to random sources.
Are there are any legitimate defenses to this sort of thing?


Matthew Loraditch​

Sr. Network Engineer


p: 443.541.1518



w: www.heliontechnologies.com

 |

e: mloradi...@heliontechnologies.com


[cid:image164818.png@93BA584B.3B5FAD34]


[Facebook]


[Twitter]


[LinkedIn]






___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] Robo Call DoS

2018-04-16 Thread Balk, David 
I have had this happen a few times in the past.

Scenario:

·Pay day loan scam, the caller knew the users name and work number, 
demanded to talk to them to get them to pay.  When refused, they sent 4 or 5 
simultaneous calls to the users work number (usually main department numbers) 
tying up that department.

Created a UCCX script that compared the callers ANI to a list of known ANIs 
that they were using, if it matched, it would answer and play a 30 second busy 
signal wav file.  The reason for answering was to tie up all of their calls and 
not actually ending them.  In our experience they never used more than a 
handful at the same time.

If the call did not match the list of known ANIs, then the call went to a menu 
where the caller would have to enter a digit to be connected.  This stopped the 
robo calls from getting through to the actual user or department. I built it 
with text to speech for the digit incase I needed to switch the digit on the 
fly without having the user re-record the greeting.  It never came to that 
level of need.

The menu does not stop the actual caller from pressing the digit and trying to 
get their money, but it does stop the robo calls.

This was back in the MGCP/PRI days.

From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of 
Matthew Loraditch
Sent: Monday, April 16, 2018 9:45 AM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] Robo Call DoS

So this is a curiosity question, we had a prospective client call us who is 
essentially getting robocalled to oblivion. Some scammer has robo dialers setup 
and is flooding all of their trunks. He got a ransom, stopped and then started 
again. He was originally using one number and then when the telco blocked that 
switching to random sources.
Are there are any legitimate defenses to this sort of thing?


Matthew Loraditch​

Sr. Network Engineer


p: 443.541.1518



w: www.heliontechnologies.com

 |

e: mloradi...@heliontechnologies.com


[cid:image001.png@01D3D56C.820E8410]


[Facebook]


[Twitter]


[LinkedIn]







This message and any included attachments are intended only for the addressee. 
The information contained in this message is confidential and may constitute 
proprietary or non-public information under international, federal, or state 
laws. Unauthorized forwarding, printing, copying, distribution, or use of such 
information is strictly prohibited and may be unlawful. If you are not the 
addressee, please promptly delete this message and notify the sender of the 
delivery error by e-mail.
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] Robo Call DoS

2018-04-16 Thread Anthony Holloway 
Technically or legally?

How does one stop a DoS attack on a network?  Or on anything for that
matter?  Say you were attending a protest, and someone is blowing an air
horn in your ear ?  What can you do?

Technically, you could front end the whole thing with a captcha style gate,
so you could ask to push a single button, button combination, or solve a
simple addition problem resulting in two digits.  granted, just like on the
web, a captcha is burdensome to the user, but generally, it's preferable
over the site being down, or disrupted.

CUC and UCCX both could handle this task, though it would be easier in UCCX.

On Mon, Apr 16, 2018 at 9:49 AM Matthew Loraditch <
mloradi...@heliontechnologies.com> wrote:

> So this is a curiosity question, we had a prospective client call us who
> is essentially getting robocalled to oblivion. Some scammer has robo
> dialers setup and is flooding all of their trunks. He got a ransom, stopped
> and then started again. He was originally using one number and then when
> the telco blocked that switching to random sources.
>
> Are there are any legitimate defenses to this sort of thing?
>
> Matthew Loraditch​
> Sr. Network Engineer
> p: *443.541.1518* <443.541.1518>
> w: *www.heliontechnologies.com*   |
> e: *mloradi...@heliontechnologies.com* 
> [image: Facebook] 
> [image: Twitter] 
> [image: LinkedIn] 
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

[cisco-voip] Robo Call DoS

2018-04-16 Thread Matthew Loraditch 
So this is a curiosity question, we had a prospective client call us who is 
essentially getting robocalled to oblivion. Some scammer has robo dialers setup 
and is flooding all of their trunks. He got a ransom, stopped and then started 
again. He was originally using one number and then when the telco blocked that 
switching to random sources.
Are there are any legitimate defenses to this sort of thing?

Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

[cisco-voip] WFO Call Recording issue.

2018-04-16 Thread Andy Carse 
Hi,
I'm looking for some pointers hopefully on this issue.

We have a uccx 10.6 deployment and have recently moved to a new SIP Trunk
from BT, which is fine, but I have an issue with Call Recording and I seem
to be chasing my tail on it.

Orinal calls where presented via a PSTN connection over E1's and in Call
recording the Calling Number (Agents phone) and Called Number (PSTN Call)
populated correctly, but since the migration the Called number and Calling
number are shown as the Agents Phone, which is upsetting the Supervisors as
they can't distinguish calls from one another.

On the Agents Extension I have Forwarded Call info Caller Name and Dialed
Number ticked
On the CTI Rout Point  I have Forwarded Call info Caller Name and Dialed
Number ticked
On the CTI Port  I have Forwarded Call info Caller Name and Dialed Number
ticked

Any pointers welcomed.

Rgds Andy
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip