OBiTALK Community

Region Specific Technical / Service Provider Support => North America - Including Google Voice, Skype, etc. => Topic started by: AnveoRep on May 06, 2014, 08:09:02 PM

Title: Anveo customers now get built-in SIP Scanners protection
Post by: AnveoRep on May 06, 2014, 08:09:02 PM
We received great news from OBIHAI team today. Now Anveo customers will have built-in SIP Scanners protection out of the box.

Quote
The logic has been applied to new Anveo ASP configurations that will block the SIP scanner / ghost calls.
For existing customers, they will need to regenerate their profile for the fix to be applied.

If you are an existing customer and need to configure your OBI device to deal with annoying calls from SIP Scanners then you can just re-provision Anveo on your OBI device.
Here are steps:
1. Login into OBITALK
2. Click configure SP where you have Anveo configured
3. select Replace existing configuration
4. select Anveo
5. click 'Sign up at Anveo' button
6. When on Anveo portal click "re-provision device" link below 'Click to Get Stated' button
7. Authenticate yourself
8. Confirm re-provisioning
9. Done
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: JJ97 on May 06, 2014, 10:06:45 PM
How does this work?

I don't use OBiTalk Portal for provisioning.  I use the OBi202 built-in web pages expert configuration.  What are  changes that I would need to do manually?

Thank you for offering this feature!
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: Shale on May 06, 2014, 10:09:41 PM
See method 4 of https://www.obitalk.com/forum/index.php?topic=5467.0
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: nitzan on May 07, 2014, 01:03:34 AM
The easiest way to avoid SIP scanners is not to have your Obi reachable in the first place - as long as you don't port-forward 5060 to your adapter you don't have to worry about it. The problems start when users put their adapter in DMZ or port-forward - unnecessary and a security risk.
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: Shale on May 07, 2014, 06:15:15 AM
Quote from: nitzan on May 07, 2014, 01:03:34 AM
The easiest way to avoid SIP scanners is not to have your Obi reachable in the first place - as long as you don't port-forward 5060 to your adapter you don't have to worry about it. The problems start when users put their adapter in DMZ or port-forward - unnecessary and a security risk.

You are mistaken about that IMHO. Many/most home routers do not have the ability to do the more secure type of NAT such as Symmetric NAT. Port forwarding or DMZ may be  the only available alternative.

If by simple, you mean to choose from a list of routers with  or to install more sophisticated firmware on some existing routers instead of using port forwarding and DMZ, you could call that simple. The Oleg method is more what I would call simple, and to have the setup servers of OBiTalk set that up for you by default is simpler still.
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: nitzan on May 07, 2014, 06:35:47 AM
Not true. If the provider is set up correctly then with most routers you do not need port forwarding or DMZ. All you need is for the provider to ignore the SIP headers and direct the traffic back the the IP and port it is coming from.
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: Shale on May 07, 2014, 07:34:30 AM
Quote from: nitzan on May 07, 2014, 06:35:47 AM
Not true. If the provider is set up correctly then with most routers you do not need port forwarding or DMZ. All you need is for the provider to ignore the SIP headers and direct the traffic back the the IP and port it is coming from.
The problem with SIP scanners hitting an OBi has nothing to do with the provider. The problem is in having a malicious third party sending packets directly to the OBi. The point is to get the OBi to not respond to those packets.
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: Mango on May 07, 2014, 09:34:47 AM
I agree with Nitzan.  I'd rather have the scanner traffic not reach the OBi at all.  As far as the scanners know, there is no VoIP device anywhere on my network.

With that said, it's good to hear that the default Anveo configuration rejects calls from scanners, for those who insist on forwarding port 5060.
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: azrobert on May 07, 2014, 09:59:52 AM
I have a DD-WRT router and it has the ability to limit Port Forwarding to a specific IP address.

I need Port Forwarding on a port, so I specified the source IP address. Nobody else can access that port.


Not all routers have this option.
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: MikeHObi on May 07, 2014, 06:28:31 PM
Quote from: AnveoRep on May 06, 2014, 08:09:02 PM

Here are steps:
1. Login into OBITALK
2. Click configure SP where you have Anveo configured
^^ That works

Quote from: AnveoRep on May 06, 2014, 08:09:02 PM
3. select Replace existing configuration
4. select Anveo
5. click 'Sign up at Anveo' button
6. When on Anveo portal click "re-provision device" link below 'Click to Get Stated' button
7. Authenticate yourself
8. Confirm re-provisioning
9. Done

There is no option to replace existing configuration in obi talk.
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: AlanB on May 07, 2014, 06:43:38 PM
Step 3 should be to go to the Approved Service a Providers.
Step 5 has an alternate link to  Restore existing Anveo account that also takes care of step 6

Personally I suggest you DELETE the existing provision FIRST.

I did this earlier with no problems (using my modifications).
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: MikeHObi on May 08, 2014, 09:59:27 AM
Quote from: AlanB on May 07, 2014, 06:43:38 PM
Step 3 should be to go to the Approved Service a Providers.
Step 5 has an alternate link to  Restore existing Anveo account that also takes care of step 6

Personally I suggest you DELETE the existing provision FIRST.

I did this earlier with no problems (using my modifications).

I'm not on the Anveo-Obi plan.  I have my own account directly with Anveo.  So I assume this whole thing doesn't apply to me.
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: wadewood on May 08, 2014, 05:37:53 PM
I followed these steps and now my device is not connected, shows not connected in Anveo Dashboard and offline in Obi website.  Frustrating
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: AlanB on May 08, 2014, 05:47:30 PM
Did you delete existing provisioning first like in Step 10?
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: Shale on May 08, 2014, 06:21:12 PM
Quote from: MikeHObi on May 08, 2014, 09:59:27 AMI have my own account directly with Anveo.  So I assume this whole thing doesn't apply to me.
I presume so.

You can check that the cure has been applied. You should have your Anveo account number contained within your SPn Voice Service:Service->X_InboundCallRoute  where SPn represents the SP for your Anveo setup.
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: wadewood on May 08, 2014, 07:07:26 PM
Quote from: AlanB on May 08, 2014, 05:47:30 PM
Did you delete existing provisioning first like in Step 10?
yes
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: AlanB on May 08, 2014, 07:16:25 PM
Try it again. If still no luck you may have to do a factory reset. 
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: LorenzoA on May 08, 2014, 08:18:11 PM
Has anyone implemented the fix that the anveo rep described above exactly as written and proved it effective?
Title: Re: Anveo customers now get built-in SIP Scanners protection
Post by: wadewood on May 09, 2014, 08:53:35 AM
Quote from: AlanB on May 08, 2014, 07:16:25 PM
Try it again. If still no luck you may have to do a factory reset. 
I deleted the device and did the hard factory reset.  Reset up and now back working.   Was not easy as this obi is at elderly relative house - trying to walk through steps of resetting with a paper clip.  It is working now; lets see if setup also stops the spam SIP scanners. 

I submitted support ticket to Anveo; not answered yet.