How to prevent toll-fraud on Cisco routers Consider an IOS Cisco router configured as a SIP gateway. Here there are four different ways to secure the system and allow only certain IP addresses (endpoint) to send and receive calls. To accomplish this task is important to trust the VoIP call sources and we'll be able to prevent toll-fraud attacks. ! ! The CLI command "ip address trusted list" (from 15.1(2)T). In this example only ! the IP address 192.168.30.252 is trusted to contact the SIP process. ! voice service voip ip address trusted list ipv4 192.168.30.252 allow-connections sip to sip fax protocol pass-through g711alaw sip ! ! The command "carrier-id source" can be used to bind a dial-peer to specific IP ! addresses. voice source-group Trust access-list 75 carrier-id source carrier1 ! ! With a translation-rule it is possible to create a prefix that act like ! a password for calls. This is a weak protection and you should use i