News:

On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT

Main Menu

Unknown call on caller ID--came through Obi box?

Started by flex25, June 08, 2012, 08:31:49 AM

Previous topic - Next topic

flex25

Hi, newbie here.  I woke up this morning and my caller ID shows that a call came in at 5:59 am my time.  The Caller ID shows "UNKNOWN" with no phone number.  Since I was sleeping at the time, in a different room than the phone is in, I don't know if the phone rang and whether the attached answering machine picked up.  No message was recorded on the answering machine.

I checked my two service provider accounts, Callcentric on SP1 and GV on SP2, and the call does not show as having come through either of the accounts.  I have anonymous call blocking set on both accounts, and my GV on SP2 is set to go to GV voicemail only for all calls.  I never set any other phone number to forward to the Obi box or to either of these two phone service provider accounts.

Could the call have come through the Obi box itself, and if so, how can I block calls coming through the box.  I never intend to call people directly on the Obi box, and never intend to give out the Obi box number so that people can call me.  All calls will go through Callcentric or GV.  Other people having the ability to ring me by accessing the Obi box directly is a disturbing thought to me.  Or, did someone try to hack into my Obi setup?

Does anyone have a similar experience or know what would have caused this "UNKNOWN" call to register, and have a suggestion for blocking future calls of this nature (that a newbie would understand).  And, what whould I check to make sure the Obi account wasn't hacked?  I checked the Obitalk "Circle of Trust," and "Trusted Callers" in my account and there is no activity shown.  I added a PIN number for the Circle of Trust when I set up the Obi box.

It's an Obi 110, and I'm not using anything in the line port.

Thank you.

flex25

Yuck.  I looked at this topic in the forum, http://www.obitalk.com/forum/index.php?topic=3228.0
and based on that, I logged into my Obi's IP address, and under Status, Call History, I see that 4 calls came in in quick succession, not one call.  Here's a screen shot of calls 2 through 4, and call 1 that's not shown looks just like calls 2 and 3:



The first call received (call 4) shows what might have been an inbound call, and calls 3, 2, and 1 (the next calls) say they're inbound, but column 2 says, "call connected", which is something I see on my other outbound calls.  Calls 3, 2, and 1 have a "403 Incorrect Authentication" error code.

What's going on here?  Did someone try to hack into my device, try to make calls from it, or try to change the registration?

QBZappy

flex25,

Using the portal or unit web interface, you might want to set this up with the IP address of the service providers that you are using. This creates a white list of authorized ip's which can work with your unit. This might work. If you don't know the actual ip address you can ask your SP or google it.


ITSP Profile A/B->SIP->X_AccessList = authorized ip address
Owner of the 1st OBi110/100 units in service in Canada & South America. 1st OBi202 on my street. 1st OBi1032 in Montreal.

flex25

QBZappy, Callcentric lists a range of IP addresses on their FAQ page; how do I enter an IP address in this case?  My other provider is Google Voice--how do I get an IP address for GV?

I do follow what you are saying and understand where to enter that data.  Thanks for the help.

I changed my Obi password and web password.

QBZappy

flex25,

The OBi is really a Google Chat/Talk client built into the box. If you ping talk.google.com, it returns:
talk.l.google.com (173.194.68.125). I'm not certain you need to white list that one. However you might want to try it.

To get the ip address of any SP go to command prompt type something like this (I don't use Callcentric):
ping montreal.voip.ms

I found this: Test it
Callcentric calls could come from any of the following 9 IP Addrs -
204.11.192.22, 204.11.192.23, 204.11.192.31,
204.11.192.34, 204.11.192.35, 204.11.192.36,
204.11.192.37, 204.11.192.38, 204.11.192.39
Owner of the 1st OBi110/100 units in service in Canada & South America. 1st OBi202 on my street. 1st OBi1032 in Montreal.

flex25

#5
Thanks QBZappy.  Ping tests and all this is new territory for me, but I'm trying really hard to learn this.  Today, I did a factory reboot of the Obi to clear out the Obi Wizard settings, and manually set my providers Callcentric on SP1 and GV SP2 in the expert configuration.  It all works (which is impressive to me, and is an accomplishment in itself).  Now, I can manually change security settings such as the SIP access.  

This is the result of my ping test to Callcentric:

My computer timed out 4 requests (4 packets) (100 percent timed out), and returned one IP.  I tried it twice, and got the same result each time.  I did a Traceroute, and it timed out after step 9 (of 30 steps).  My computer is old and needs to be updated, and it's slow--that may be the problem.

The Callcentric website says this under FAQ-Setup:
QuoteWhat IP blocks should I add to my router/firewall?

If you have a secured/restricted network and need to know the ports and IP addresses to allow for Callcentric then please use the information below.

NOTE: In general ports 5060-5080 should be allowed in order to properly communcate with the Callcentric servers. Users experiencing audio issues may want to check that RTP audio is not blocked by their firewall configuration:

IP addresses/Networks
204.11.192.0/22
OR
204.11.192.0 - 204.11.195.255

If you are making changes for security purposes or are using more adanced configurations please make sure that the ports used with your SIP UA are not blocked by your firewall rules.
See the large range of IP addresses:  204.11.192.0 - 204.11.195.255.  Is it possible for me to put in that range of IP addresses (and how would I write that)?  Also, the 9 IP addresses that QBZappy got--they won't be the same for me, correct (does it depend on my computer/location/router)?  Would Callcentric be able to tell me what IP addresses to use for my computer/router?  Also, if I don't use Callcentric's full range of IP addresses will I have problem making or receiving calls day to day when Callcentric routes calls through different IP addresses in their range?    

When I ping talk.google.om, I get talk.l.google.com and a different IP than you got.  The ping to google talk is successful, returning 100% packets and one IP address.  I am having trouble understanding what you said not needing to white list this one--is it that SIP scanners don't or can't call into SP2 lines?

Thanks so much.  SIP scanners having the ability to ring my phone and possibly hack into my accounts is unacceptable, and I will continue to learn to do this.

flex25

I still don't understand how to write Callcentric's large range of IP addresses in this:
ITSP Profile A/B->SIP->X_AccessList = authorized ip address

So, I asked them today, explaining how I wanted to block SIP scanners from ringing my phone and Callcentric's response, in part, was this:

QuoteYou should not receive ANY direct IP calls as long as you are not forwarding ports 5060-5080 to your Obi110. Please do not forward those ports as you do not need to with our services. That should stop your Obi110 from receiving the direct IP calls.

Would someone please explain to me where port forwarding is occurring, and what I need to disable or change in the Obi configuration. 

Also, exactly how do I write Callcentric's large range of IP addresses, which is:
Quote204.11.192.0/22
OR
204.11.192.0 - 204.11.195.255

Thank you.

Ostracus

Quote from: flex25 on June 11, 2012, 08:48:45 PM
I still don't understand how to write Callcentric's large range of IP addresses in this:
ITSP Profile A/B->SIP->X_AccessList = authorized ip address

So, I asked them today, explaining how I wanted to block SIP scanners from ringing my phone and Callcentric's response, in part, was this:

QuoteYou should not receive ANY direct IP calls as long as you are not forwarding ports 5060-5080 to your Obi110. Please do not forward those ports as you do not need to with our services. That should stop your Obi110 from receiving the direct IP calls.

Would someone please explain to me where port forwarding is occurring, and what I need to disable or change in the Obi configuration. 

Also, exactly how do I write Callcentric's large range of IP addresses, which is:
Quote204.11.192.0/22
OR
204.11.192.0 - 204.11.195.255

Thank you.

Port-forwarding happens in the router.  The admin interface is the best place to start. What model router do you have?

flex25

#8
I have a Belkin CE0560.  I have not messed with the Router at all--I just plugged the Obi 110 into it.

Thanks for your help. :)


QBZappy

flex25,

204.11.192.0/22
This might do it. My router (Tomato firmware) accepts an ip range in this format.  Like usual, you need to TEST IT.
Owner of the 1st OBi110/100 units in service in Canada & South America. 1st OBi202 on my street. 1st OBi1032 in Montreal.

flex25

#10
Hey QBZappy.  Thanks for your help.

I tested the Callcentric IP range in the Obi setup, ITSP Profile A>SIP->X_AccessList =
I entered 204.11.192.0/22
That didn't work; I couldn't receive a test phone call.

So, I tried 204.11.192.0 - 204.11.195.255
just that exact way, with spaces before and after the dash, as Callcentric showed it written, and that didn't work; I couldn't receive a test phone call.

Then I tried the single IP address within the range that I got when I tried the ping test (which timed out), and it did work; the test call did ring my phone.

So, I looked more online, and found this website,
http://support.google.com/googleanalytics/bin/answer.py?hl=en&answer=55572
that has a calculator thing to generate an IP address range using the first and last IP address in the range.  I entered them, and got:
^204\.11\.(1(9[2-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$
Which I put in ITSP Profile A>SIP->X_AccessList =
and voila, the test call did ring my phone.  So I guess that is the IP range in some other written format.

According to that link, it's a Google filter pattern.  Then, there's this page that expalins Google regular expressions:  http://support.google.com/googleanalytics/bin/answer.py?hl=en&answer=55582
It looks like a bunch of wldcard rules to match all variations of the numbers in the IP address range.

I would love to think I succeeded here.   So whatdaya think?

QBZappy

flex25,

The manual clearly says comma separated list.

My router allows this:

"1.1.1.1", "1.1.1.0/24", "1.1.1.1 - 2.2.2.2" or "me.example.com"

It seems that you may have tried a few of these variations already. It might be that the OBi simply does support ip ranges.

It would be nice if OBiSupport would chime in with the definite answer right about now.

Quote from: flex25 on June 13, 2012, 08:36:17 PM
Does the different IP address matter?

I would think so.

Are you still getting "Unknown" callers?
Owner of the 1st OBi110/100 units in service in Canada & South America. 1st OBi202 on my street. 1st OBi1032 in Montreal.

flex25

#12
Hi QBZappy--I tried something else after I posted that response and just modified my response.  

I haven't gotten unknown callers since that day, but it's been only one week.

QuoteIt would be nice if OBiSupport would chime in with the definite answer right about now.
I agree.  This is an Obi-sponsored forum, and it appears that Obi does not respond as much as I would think they would.

Followup:  Nope, this isn't the solution either.  I tried some different ranges, written in the Google filter pattern, and all of them allowed my phone to ring.  The Obi configuration is not recognizing the Google filter pattern--it's as if the field is blank, and it's defaulting to allow all IP addresses through.  If I enter a single IP address outside the range, it blocks the call.  The Obi configuration will not accept a range, only single addresses, separated by commas.

When I have some time, I will do the range as a list with Excel, and format and paste the list, if the Obi configuration allows that long a list.  I can look into what I can do in the router as well.  Other than that, the only other option I see is to place an external call blocker between the Obi and the phone to block calls coming through the Obi itself.

Obi, please update so that ITSP Profile A/B>SIP->X_AccessList = to accept a range of IP addresses, to block SIP scanners. This is an issue that quite a few users have had.

Ad_Hominem

#13
I know that this is an OLD thread, but I wanted to chime in and let everyone know that it seems that the Belkin routers have a very special way of handling VOIP devices.  If the router sees a VOIP device sending SIP calls out, it opens that port for ALL INCOMING SIP traffic to that device, even if the traffic is coming from somewhere other than where your device is connecting to.  That's a huge security hole. Most routers DO NOT do this.

Just to clarify, if I have a VOIP device behind a typical router, and it registers to Callcentric, the router will open up the port so that Callcentric's IP address can respond.  Belkin routers, however, just open the port completely and allow anyone to access the device.  That's not safe.


I suggest that ANYONE who has a Belkin router DUMP it and get a router that does not engage in this kind of risky practices.

Shale

Quote from: Ad_Hominem on October 04, 2013, 10:03:52 PM
... it seems that the Belkin routers have a very special way of handling VOIP devices.  If the router sees a VOIP device sending SIP calls out, it opens that port for ALL INCOMING SIP traffic to that device, even if the traffic is coming from somewhere other than where your device is connecting to.  That's a huge security hole. Most routers DO NOT do this.
I believe you are mistaken on this. Most routers do this. Some do not. Some users change the router firmware to get the behavior you are looking for.

Ostracus

There may be a way to turn off such behavior and go manual.