News:

On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT

Main Menu

How do I disable Obitalk?

Started by txcas, February 16, 2012, 11:42:32 AM

Previous topic - Next topic

txcas

I am getting calls in the middle of the night that are not coming from my VoIP prodiver.  They have to be coming through the Obitalk network.  They usually don't have caller ID info, but the one today showed 101 as the caller ID.  How do I disable Obitalk on the Obi110?

RonR

#1
Those calls are not coming from the OBiTALK Service.  They are coming from SIP scanners.

The only effective way to block them is to use:

Service Providers -> ITSP Profile x -> SIP -> X_AccessList

where x is A and/or B if configured for SIP.

Place the IP address(es) of authorized SIP connections in this list, separated by commas.

txcas

Thank you.  I find it unlikely that SIP scanners are comming through my firewall.  I never had this problem before with other ATA devices.  I figured out how to disable auto provisioning and the Obitalk service, so I will try that first.  If that does not work, I will try your suggestion.

RonR

With the OBiTALK Service disabled, you can't make or receive calls to other OBi's or OBiON Apps.

If you look in the OBi Call History, you will clearly see they are coming in on SP1 and/or SP2, not OBiTALK.

You can also enable Syslog and you'll find most of them are coming from Russian IP addresses.

Everton

RonR is correct!  What is so special about your firewall?  If individuals can defeat the Pentagon or other Corporate Firewalls, why do you think your lowly firewall can stop individuals with very high technical know how from bypassing your firewall and/or make outgoing calls from your OBi ATA?  If you do a quick search on this forum, you will see multiple post related to this issue and ways to prevent it.


Quote from: txcas on February 16, 2012, 12:27:10 PM
Thank you.  I find it unlikely that SIP scanners are comming through my firewall.  I never had this problem before with other ATA devices.  I figured out how to disable auto provisioning and the Obitalk service, so I will try that first.  If that does not work, I will try your suggestion.

txcas

Quote from: RonR on February 16, 2012, 12:33:35 PM
With the OBiTALK Service disabled, you can't make or receive calls to other OBi's or OBiON Apps.

If you look in the OBi Call History, you will clearly see they are coming in on SP1 and/or SP2, not OBiTALK.

You can also enable Syslog and you'll find most of them are coming from Russian IP addresses.


I know, I don't make OBI's calls or use Obion Apps.  I have 2 lines setup with Voip.ms and that is all I need my Obi to do.  I will let you know how it goes.

RonR

Quote from: txcas on February 16, 2012, 01:42:11 PM
I will let you know how it goes.

You will be awakened in the middle of the night again.

txcas

Quote from: RonR on February 16, 2012, 01:49:38 PM
Quote from: txcas on February 16, 2012, 01:42:11 PM
I will let you know how it goes.

You will be awakened in the middle of the night again.

I am sorry to disappoint you, but problem fixed since disabling Obitalk.  You were right, the calls are not internal Obitalk calls, but the SIP scanners are riding on the ports used by Obitalk.  That is why the other Linksys ATAs I have been using for years on the same network do not experience this problem.

RonR

Quote from: txcas on February 23, 2012, 08:58:27 AM
I am sorry to disappoint you, but problem fixed since disabling Obitalk.  You were right, the calls are not internal Obitalk calls, but the SIP scanners are riding on the ports used by Obitalk.  That is why the other Linksys ATAs I have been using for years on the same network do not experience this problem.

If that were the case, allowing only legitimate IP addresses in on ITSPA/ITSPB would not be effective, but it is totally effective.

Syslog captures of the SIP scanners also reveal they're coming in on port 5060 and not via the OBiTALK Service (port 10000).

The main reason the OBi is vulunerable to these scans is it accepts INVITES addressed to *any* SIP userid.

ProfTech

Question for RonR. Would the IP Addresses you mention be the address(es) of the Proxy?

RonR

Quote from: ProfTech on February 29, 2012, 02:42:43 PM
Question for RonR. Would the IP Addresses you mention be the address(es) of the Proxy?

Yes.  You also have to list any IP addresses that send you calls via SIP URI.