We received great news from OBIHAI team today. Now Anveo customers will have built-in SIP Scanners protection out of the box.
Quote
The logic has been applied to new Anveo ASP configurations that will block the SIP scanner / ghost calls.
For existing customers, they will need to regenerate their profile for the fix to be applied.
If you are an existing customer and need to configure your OBI device to deal with annoying calls from SIP Scanners then you can just re-provision Anveo on your OBI device.
Here are steps:
1. Login into OBITALK
2. Click configure SP where you have Anveo configured
3. select Replace existing configuration
4. select Anveo
5. click 'Sign up at Anveo' button
6. When on Anveo portal click "re-provision device" link below 'Click to Get Stated' button
7. Authenticate yourself
8. Confirm re-provisioning
9. Done
How does this work?
I don't use OBiTalk Portal for provisioning. I use the OBi202 built-in web pages expert configuration. What are changes that I would need to do manually?
Thank you for offering this feature!
See method 4 of https://www.obitalk.com/forum/index.php?topic=5467.0
The easiest way to avoid SIP scanners is not to have your Obi reachable in the first place - as long as you don't port-forward 5060 to your adapter you don't have to worry about it. The problems start when users put their adapter in DMZ or port-forward - unnecessary and a security risk.
Quote from: nitzan on May 07, 2014, 01:03:34 AM
The easiest way to avoid SIP scanners is not to have your Obi reachable in the first place - as long as you don't port-forward 5060 to your adapter you don't have to worry about it. The problems start when users put their adapter in DMZ or port-forward - unnecessary and a security risk.
You are mistaken about that IMHO. Many/most home routers do not have the ability to do the more secure type of NAT such as Symmetric NAT. Port forwarding or DMZ may be the only available alternative.
If by simple, you mean to choose from a list of routers with or to install more sophisticated firmware on some existing routers instead of using port forwarding and DMZ, you could call that simple. The Oleg method is more what I would call simple, and to have the setup servers of OBiTalk set that up for you by default is simpler still.
Not true. If the provider is set up correctly then with most routers you do not need port forwarding or DMZ. All you need is for the provider to ignore the SIP headers and direct the traffic back the the IP and port it is coming from.
Quote from: nitzan on May 07, 2014, 06:35:47 AM
Not true. If the provider is set up correctly then with most routers you do not need port forwarding or DMZ. All you need is for the provider to ignore the SIP headers and direct the traffic back the the IP and port it is coming from.
The problem with SIP scanners hitting an OBi has nothing to do with the provider. The problem is in having a malicious third party sending packets directly to the OBi. The point is to get the OBi to not respond to those packets.
I agree with Nitzan. I'd rather have the scanner traffic not reach the OBi at all. As far as the scanners know, there is no VoIP device anywhere on my network.
With that said, it's good to hear that the default Anveo configuration rejects calls from scanners, for those who insist on forwarding port 5060.
I have a DD-WRT router and it has the ability to limit Port Forwarding to a specific IP address.
I need Port Forwarding on a port, so I specified the source IP address. Nobody else can access that port.
Not all routers have this option.
Quote from: AnveoRep on May 06, 2014, 08:09:02 PM
Here are steps:
1. Login into OBITALK
2. Click configure SP where you have Anveo configured
^^ That works
Quote from: AnveoRep on May 06, 2014, 08:09:02 PM
3. select Replace existing configuration
4. select Anveo
5. click 'Sign up at Anveo' button
6. When on Anveo portal click "re-provision device" link below 'Click to Get Stated' button
7. Authenticate yourself
8. Confirm re-provisioning
9. Done
There is no option to replace existing configuration in obi talk.
Step 3 should be to go to the Approved Service a Providers.
Step 5 has an alternate link to Restore existing Anveo account that also takes care of step 6
Personally I suggest you DELETE the existing provision FIRST.
I did this earlier with no problems (using my modifications).
Quote from: AlanB on May 07, 2014, 06:43:38 PM
Step 3 should be to go to the Approved Service a Providers.
Step 5 has an alternate link to Restore existing Anveo account that also takes care of step 6
Personally I suggest you DELETE the existing provision FIRST.
I did this earlier with no problems (using my modifications).
I'm not on the Anveo-Obi plan. I have my own account directly with Anveo. So I assume this whole thing doesn't apply to me.
I followed these steps and now my device is not connected, shows not connected in Anveo Dashboard and offline in Obi website. Frustrating
Did you delete existing provisioning first like in Step 10?
Quote from: MikeHObi on May 08, 2014, 09:59:27 AMI have my own account directly with Anveo. So I assume this whole thing doesn't apply to me.
I presume so.
You can check that the cure has been applied. You should have your Anveo account number contained within your SP
n Voice Service:Service->X_InboundCallRoute where SP
n represents the SP for your Anveo setup.
Quote from: AlanB on May 08, 2014, 05:47:30 PM
Did you delete existing provisioning first like in Step 10?
yes
Try it again. If still no luck you may have to do a factory reset.
Has anyone implemented the fix that the anveo rep described above exactly as written and proved it effective?
Quote from: AlanB on May 08, 2014, 07:16:25 PM
Try it again. If still no luck you may have to do a factory reset.
I deleted the device and did the hard factory reset. Reset up and now back working. Was not easy as this obi is at elderly relative house - trying to walk through steps of resetting with a paper clip. It is working now; lets see if setup also stops the spam SIP scanners.
I submitted support ticket to Anveo; not answered yet.