Re-directing Anonymous Calls
RonR:
Quote from: Stewart on February 23, 2012, 10:48:14 am
For SP1 Service, changing X_UserAgentPort from 5060 to e.g. 5070 should eliminate calls from scanners. If you had to forward port 5060 in your router (to work around a router problem), forward the new port instead.
This leaves one with a non-standard setup. I much prefer to leave things standard and simply block the bad guys by only letting the good guys in.
Stewart:
Quote from: RonR on February 23, 2012, 11:00:32 am
This leaves one with a non-standard setup. I much prefer to leave things standard and simply block the bad guys by only letting the good guys in.
It's only non-standard if you are having SIP requests come into the device directly, without a provider. Most softphones and some ATAs, e.g. Grandstream, listen on a port other than 5060. The OBi does, too, for SP2. Perhaps I should have suggested to the OP to use SP1 for GV and SP2 for SIP, but that would be a much larger and error prone change.
The problem with X_AccessList is that it won't accept domain names, but is limited to numeric IPs, so a change at the provider may cause your system to stop working, without warning. Also, the documentation is unclear -- it says "... IP addresses that are allowed to send SIP requests ...". If SIP responses get through anyway, that's good, in the sense that your 911 call won't fail. But boy, is that an obscure problem "I'm registered ok and can make outbound calls, but incoming calls go to voicemail, after a long delay. What could be wrong?"
infin8loop:
Regarding Service Providers -> ITSP Profile x -> SIP -> X_AccessList
If one chooses not to use the above or monkey around with SIP ports, is there any real danger that a scanner is going to do anything other than make an annoying phone call to you? By this I mean, would they be able to exploit the OBi by making an outbound call on SPx, VGx, line port, etc? Earlier today when I typed the voip.ms ip address into X_AccessList I thought of the same issue that Stewart mentioned about the ip address possibly changing. I have no idea how providers handle failovers but it seems plausible they might change the dns entry to point to a different backup server/ip address.
Stewart:
Quote from: infin8loop on February 23, 2012, 05:40:18 pm
is there any real danger that a scanner is going to do anything other than make an annoying phone call to you?
If the InboundCallRoute for the SPx in question just goes to the Phone port, there is no issue. However, if it lets certain callers make outbound calls on your system, then an intruder could spoof the magic caller ID and drain your account. With POTS or another postpaid service, your risk could be quite high. However, this assumes that the attacker knows what number to spoof, and if he does, he could probably rip you off anyway, by simply calling your DID from a spoof-friendly VoSP.
It's conceivable that the OBi has a vulnerability that would allow an unauthenticated attacker to exploit a bridging setup, but nothing like this has yet been reported.
VulcanTourist:
I am personally not plagued by unwanted SIP or Asterisk or any other high-tech sorts of calls. I took the discussion to be about blocking calls that simply don't have Caller ID info, and that was what I addressed. My primary point was that the rule being discussed was partial and incomplete and assumed more knowledge on the part of the audience than is reasonable. The rule being discussed, if used literally, would fail to be useful because it would never ring an attached phone, even for the wanted calls. It lacked the necessary ,{ph} to accomplish that.
This is a recurring problem in discussions in this forum: too much is assumed about the knowledge or skillset of the readers. Some people conversing here seem to forget that this is a de facto public knowledgebase and not a private e-mail conversation. My post was an attempt to summarize and presume far less, for the benefit of people who don't know anything about ATAs and how to configure them.
The rule I described in detail, used exactly as I described, has been working fine for me to stop unwanted callers from ringing my phone, but still warn them off and give them a chance to leave a message if they're really legitimate. It also gives me a call history to track in GV and the Obihai, which I wouldn't get if I simply blocked the anonymous calls. If I had Caller ID service on my PSTN line, I'd also transfer the same rule to the Line service and stop them from getting through there as well.
Navigation
[0] Message Index
[#] Next page
[*] Previous page