News:

On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT

Main Menu

Getting constant "calls" from 100 and 10001

Started by mattress, January 02, 2019, 01:55:56 PM

Previous topic - Next topic

mattress

Just today, I started to get CONSTANT calls from Caller ID numbers 10001 and 100.  I've checked the call logs with my VOIP provider, and there aren't any.  So my only conclusion is that my OBi is doing this.  Any ideas, as this is driving me insane?

Taoman

Quote from: mattress on January 02, 2019, 01:55:56 PM
Just today, I started to get CONSTANT calls from Caller ID numbers 10001 and 100.  I've checked the call logs with my VOIP provider, and there aren't any.  So my only conclusion is that my OBi is doing this.  Any ideas, as this is driving me insane?

You're getting hit by SIP scanners. Enable X_AcceptSipFromRegistrarOnly in OBi Expert Advanced Configuration.

Voice Services-->SPx Service-->X_AcceptSipFromRegistrarOnly


Sheffield_Steve

You have your Obi exposed to the "incoming" internet (Not good).  As this has just started you probably made a change to your router, etc.

drgeoff

Quote from: Sheffield_Steve on January 03, 2019, 06:25:48 AM
You have your Obi exposed to the "incoming" internet (Not good).  As this has just started you probably made a change to your router, etc.
Not necessarily and most probably not caused by a change of router.  Most SIP ITSPs use port 5060.  That port (or whatever one) needs to be permanently open so that you can receive SIP invites for incoming calls.  SIP scammers target such ports.  There is nothing a typical home router can do about it as most do not have user configuration facilities to discriminate between packets from the IP address of your ITSP and packets from other addresses.  OBi devices do, as per the advice above from Taoman.

Sheffield_Steve

#4
Sorry, It's NOT required to have port 5060 open on your router for incoming calls unless you have a SIP phone system.  

The Obi or other SIP software on devices such as phones makes and keeps an outgoing connection open on that port.  Having any port open on your router for incoming traffic is a big security risk.  

drgeoff

Quote from: Sheffield_Steve on January 03, 2019, 08:20:50 AM
Sorry, It's NOT required to have port 5060 open on your router for incoming calls unless you have a SIP phone system.  

The Obi or other SIP software on devices such as phones makes and keeps an outgoing connection open on that port.  Having any port open on your router for incoming traffic is a big security risk.  
You are agreeing with me.

Sheffield_Steve

I'm not sure how!

You are saying the port needs to be open on the router, I'm saying it doesn't and shouldn't be.

drgeoff

Quote from: Sheffield_Steve on January 03, 2019, 08:56:57 AM
I'm not sure how!

You are saying the port needs to be open on the router, I'm saying it doesn't and shouldn't be.
That port needs to be open on the router.  The OBi (or other SIP ATA) does that by means such as sending keep alive messages, periodic registration messages etc to the ITSP.

Sheffield_Steve

#8
But it still does NOT require that you open the SIP ports on the router for incoming connections, as the ITSP doesn't connect back TO the Obi device (or any other SIP client) using the typical SIP ports (5060,5061).  

The way it works is as follows:

a) The Obi client firmware opens a random high port on it's hardware (NOT 5060 or 5061).  Lets say it's 11111 for this example

b) It then initiates and makes an OUTBOUND connection to the SIP port (5060, or 5061 usually) on the ITSP's server.  Let's say it's 5060 for this example.

c) If it succeeds, the ITSP server software opens a random high port on it's hardware.  Lets say it's 22222 for this example

d) Then, the ITSP and the Obi negotiate a random ephemeral port for the connection for the ITSP to the Obi.  (Lets say they chose 33333)

So in this EXAMPLE, the connections are as follows:

Obi's port 11111 is connected to the ITSP server's port 5060
ITSP's port 22222 is connected to the Obi's port 33333

i.e. At no point is a SIP port (5060, or 5061) open or needed on the Obi hardware.  (It's only open on the ITSP's server)

Thus, to get back to the OP, if they are getting phone spam and it's not coming via his phone ITSP's, then their Obi must have the SIP ports open and exposed to the internet.

ProfTech

#9
While checking "X_AcceptSipFromRegistrarOnly" can work, with some service providers it won't work. Some ITSP's send INVITE's from a different IP address than you are registered to and you won't get those calls. Another old fix for this has been around since the 100/110 days. Simply set Inbound call route to something like "{>1234567:ph},{?|@:}". Replace 1234567 with the user ID you have with your ITSP. Both the 200 & 202 have a check box specifically for this. If you have a 200 or 202 simply check X_EnforceRequestUserID. If the spammer doesn't know your sip user ID your phone won't ring.

*edited* If my memory serves me correctly, the user agent port for sp1 on the 100 series defaults to 5060 and sp2 defaults to 5061. I highly recommend changing both to another number [make sure both sp's use a different number].  I think this was corrected in the 200 series. Also, disable sp2-sp4 if they are not being used.

mattress

Quote from: Sheffield_Steve on January 03, 2019, 06:25:48 AM
You have your Obi exposed to the "incoming" internet (Not good).  As this has just started you probably made a change to your router, etc.
I did recently get a new router.  UPnP was enabled.  Could that have been it?  I've since turned it off.

mattress

Quote from: ProfTech on January 03, 2019, 02:57:36 PM
While checking "X_AcceptSipFromRegistrarOnly" can work, with some service providers it won't work. Some ITSP's send INVITE's from a different IP address than you are registered to and you won't get those calls. Another old fix for this has been around since the 100/110 days. Simply set Inbound call route to something like "{>1234567:ph},{?|@:}". Replace 1234567 with the user ID you have with your ITSP. Both the 200 & 202 have a check box specifically for this. If you have a 200 or 202 simply check X_EnforceRequestUserID. If the spammer doesn't know your sip user ID your phone won't ring.

*edited* If my memory serves me correctly, the user agent port for sp1 on the 100 series defaults to 5060 and sp2 defaults to 5061. I highly recommend changing both to another number [make sure both sp's use a different number].  I think this was corrected in the 200 series. Also, disable sp2-sp4 if they are not being used.
I looked through the settings and didn't see anything for user agent.  Any idea where that might be? Also, in layman's terms, can you explain what its for?

Taoman

Quote from: mattress on January 04, 2019, 01:46:24 PM

I looked through the settings and didn't see anything for user agent.  Any idea where that might be? Also, in layman's terms, can you explain what its for?

Voice Services-->SPx Service-->X_UserAgentPort (change it to something between 20000 and 60000 making it more difficult for a SIP scanner to find and probe the particular port you are using)

User agent sends/receives SIP requests/packets. A user agent is your actual client: IP phone, OBi ATA, softphone, etc. X_UserAgentPort is the port number the SIP packets are actually transmitted/received on.

QuoteUser-agent client (UAC)--A client application that initiates the SIP request
User-agent server (UAS)--A server application that contacts the user when a SIP request is received and that returns a response on behalf of the user.

Taoman

Quote from: mattress on January 04, 2019, 12:19:21 PM

I did recently get a new router.

That would have been a useful piece of information to include in your first post.

Go to the link below and proceed to Shields Up and probe ports 5060-5061 (must enter manually and hit Enter) on your public IP address. Status should be "Stealth."
You should also probe Common Ports or All Service Ports.

https://www.grc.com/x/ne.dll?bh0bkyd2