Understanding Suspicious Zero Second Calls
Some people or groups steal phone time for profit using a method called "grey routing": routing calls through an exposed phone server in order to make the calls for free. The Barracuda Phone System does not allow any inbound public call to route back outbound unless it is first authenticated by the telephony engine (either via registration or via IP authorized sites), or an inbound call is diverted outbound via Find Me Forwarding. The Barracuda Phone System logs all call attempts, successful and unsuccessful, that reach the server. Such attempts do not succeed, but they are logged so that a record of each attempt exists. There is no cause for concern when they are found.
Call Records with Destinations that would never Route on the PSTN
In addition to people or groups attempting to commit toll fraud by grey routing calls, other people and entities maliciously attempt to take PBXs such as the Barracuda Phone System offline by bombarding the unit with thousands of call attempts per second. This is an industry-wide problem. Even large ITSPs have been affected by these malicious parties.
Stop Suspicious Zero Second Calls
If you download the CSV file of the CDRs during or immediately after the event, the network_addr column displays the offending source IP address of the attacker. You can block this IP address at the edge firewall or directly via the Barracuda Phone System's built-in software firewall (if using the WAN interface) on the CONFIGURATION > Security page.
Another way to mitigate these attacks is to restrict inbound access to the Barracuda Phone System on ports UDP/TCP 5060 and UDP/TCP 5065 to trusted IP addresses only, either on your edge firewall or on the built-in software firewall (if using the WAN interface). For port 5060, the trusted address is the signaling gateway of your ITSP/SIP provider; for port 5065, the trusted addresses are the remote IP addresses of all authorized users. It can also be beneficial to deny unauthorized IP addresses access to the web interface (TCP/80) and/or the NTP server (UDP/123) to further reduce DoS attack vectors.
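The CDR review and the trusted-address restriction described above can be combined into one triage step. The following is an added example, not Barracuda code: it counts zero-second calls per network_addr and skips trusted addresses so that the ITSP gateway or an authorized user is never proposed for blocking. Only network_addr is named on this page; the billsec and destination_number column names, the threshold, and the sample rows are assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample export. Only network_addr is named on the page; the
# other column names are assumptions and may differ in a real CDR file.
SAMPLE_CSV = """\
start_stamp,destination_number,billsec,network_addr
2024-01-01 03:00:01,000000123456,0,203.0.113.50
2024-01-01 03:00:01,000000123457,0,203.0.113.50
2024-01-01 03:00:02,000000123458,0,203.0.113.50
2024-01-01 03:00:05,1001,0,198.51.100.7
2024-01-01 09:12:44,1002,63,192.0.2.10
2024-01-01 09:20:10,1003,0,192.0.2.10
2024-01-01 09:31:00,1004,0,not-an-ip
"""


def zero_second_sources(csv_text, trusted=(), threshold=3,
                        duration_col="billsec", addr_col="network_addr"):
    """Return [(ip, count)] for untrusted sources with at least
    `threshold` zero-second calls, most active source first."""
    trusted_nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            if float(row[duration_col]) != 0:
                continue  # call was answered; not a zero-second record
            addr = ipaddress.ip_address(row[addr_col].strip())
        except (KeyError, TypeError, ValueError, AttributeError):
            continue  # skip malformed rows rather than abort the triage
        if any(addr in net for net in trusted_nets):
            continue  # never propose blocking the ITSP gateway or known users
        counts[str(addr)] += 1
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    # 192.0.2.0/24 stands in for the trusted ITSP / authorized-user range.
    for ip, n in zero_second_sources(SAMPLE_CSV, trusted=["192.0.2.0/24"]):
        print(f"{ip}\t{n} zero-second calls")
```

Addresses the script reports are candidates for the block rule on the edge firewall or the CONFIGURATION > Security page; review them before blocking.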
Mitigating New Attacks
The Barracuda Phone System firmware is constantly being updated with new technologies that attempt to automatically block these types of attacks. However, it is a constant struggle and these types of attacks will continue to affect all IP-based PBXs for the foreseeable future.