H.323 ‘Cisco’ Spam Calls Alert – Latest Update 01/06/2015

It has come to our attention that numerous Videoconference (VC) systems have been receiving nuisance spam calls from a source with the system ID ‘Cisco’.

This new type of attack is initiated by a special tool installed on cloud-hosted servers, which automatically scans a random list of IP addresses using the H.323 VC protocol.

The spam calls show a clear, real source IP address and use the standard network port and VC protocol, just like any legitimate call, which makes it difficult for the VC system to identify and block them.

The four main video conferencing vendors (Cisco, Polycom, Lifesize and Avaya) are aware of this issue and are investigating it. We will provide an update once we get any further information.

Meanwhile, you can take one or more of the following actions to avoid nuisance calls:

    • Deploy a Traversal server (Videoconference Firewall) on your network to protect your system
    • Configure your firewall to block the source IP addresses (if known) – Please see below
    • Disable the ‘Auto Answer’ option on your system when you don’t need it
    • Enable ‘Do Not Disturb’ (if it is supported by your system) when you are not expecting any inbound call / additional participant joining a Multiway conference


Latest Update: (01/06/15)

Further to the previous updates regarding the Lifesize Antispam mechanism, Lifesize has released the software revision ‘LS_RM3_2.4.0’.

Videonations has been testing it for the last few weeks, and we can confirm that it has successfully stopped all VC spam calls.

If you need further assistance, call our support team directly on +44 0161 926 3050.


Update: (29/04/15)

Lifesize has already updated Lifesize-Cloud firmware with a new software revision that includes an AntiSpam feature. This feature is expected to be included in the next software revision of Lifesize Icon, LS_RM3_2.4.0. The AntiSpam mechanism is based on a Whitelist/Blacklist and filters source IP addresses and domains on both the H.323 and SIP protocols.

In addition, the SIP Whitelist and Blacklist can filter SIP users/agents, and the H.323 Whitelist can filter H.323 IDs (Vendor ID filtering) and H.323 Extension, and it can check the dialled digits.

Our investigation shows that the “Cisco” H.323 spam calls are generated from an open source PBX platform called Asterisk; therefore, filtering vendor IDs could successfully block them.
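The firewall blocking action and the vendor ID filtering described above both depend on knowing which sources present the ‘Cisco’ ID. The following is an added example, not Lifesize or Videonations code: it reads a call history export and lists the source IP addresses to consider blocking. The CSV layout, the `block_candidates` function, the allowlist and all sample rows are assumptions constructed for illustration.

```python
import csv
import ipaddress
from collections import Counter
from io import StringIO

# Constructed sample call history (hypothetical export format, not a vendor's).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
time,direction,protocol,remote_id,source_ip
2015-04-01T02:10:11,in,H.323,Cisco,203.0.113.45
2015-04-01T02:10:40,in,H.323,cisco,203.0.113.45
2015-04-01T02:11:02,in,H.323,Cisco,198.51.100.7
2015-04-01T09:00:00,in,H.323,Cisco,192.0.2.20
2015-04-01T09:30:00,in,SIP,Boardroom,192.0.2.21
2015-04-01T10:00:00,out,H.323,Cisco,203.0.113.99
2015-04-01T11:00:00,in,H.323,Cisco,not-an-ip
"""

# Assumption: networks of known partners who legitimately present a "Cisco" ID.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]


def block_candidates(log_text, spam_id="cisco", allowlist=ALLOWLIST, min_calls=1):
    """Return [(source_ip, call_count)] for inbound H.323 calls whose remote ID
    matches spam_id, skipping allowlisted sources and unparsable addresses."""
    hits = Counter()
    for row in csv.DictReader(StringIO(log_text)):
        if row["direction"] != "in" or row["protocol"].upper() != "H.323":
            continue
        if row["remote_id"].strip().lower() != spam_id:
            continue
        try:
            addr = ipaddress.ip_address(row["source_ip"].strip())
        except ValueError:
            continue  # malformed field: never turn it into a firewall rule
        if any(addr in net for net in allowlist):
            continue  # trusted partner, keep reachable
        hits[str(addr)] += 1
    return sorted(
        ((ip, n) for ip, n in hits.items() if n >= min_calls),
        key=lambda item: (-item[1], item[0]),
    )


if __name__ == "__main__":
    for ip, count in block_candidates(SAMPLE_LOG):
        print(f"{ip}\t{count} spam call(s)")
```

Review the output before adding firewall rules, since a genuine endpoint may present the same ID; the allowlist exists for that case.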



Additional IP Address Blacklist: (09/04/15)


Additional IP Address Blacklist: (21/01/15)


IP Address Blacklist: (06/11/14)