December 14, 2018, 06:41:56 pm *
Welcome, Guest. Please login or register.
News:
 
   Forum Home   Search Login Register OBiTALK  
Pages: [1] 2 3 ... 10
  Print  
Author Topic: SIP scanners  (Read 789893 times)
lacibaci
Jr. Member
**
Posts: 49


« on: September 06, 2012, 05:50:04 am »

Is there a way of preventing SIP scanners from ringing my phone at night?

I tried looking into X_AccessList to limit incoming calls only from Callcentric but the inability of OBi100 to specify range makes it impossible (CC range is 204.11.192.0/22)

Maybe there is way to restrict calls coming from registered server using X_InboundCallRoute?

[Obihai Support Response]

There are several ways to block SIP scanners. Here are two common ways:

1. A simple way to thwart SIP scanners is to change the SP1 X_UserAgentPort to a non-standard value, such as 35060.   If you have multiple SIP services running on your OBi, remember to make sure each SPn uses a different User Agent port. This trick will stop most SIP scanners if they are only targeting the commonly used port 5060.

2. A more fool-proof method is to enable the parameter: X_EnforceRequestUserID. This parameter is under SPn in the SIP Credentials section.   What this does, is it makes sure the incoming INVITE has a User ID that matches the User ID of your SIP service account. If it does not match, the INVITE will be rejected and the phone will not ring.  Enabling this parameter will maintain normal voice service as well as block SIP scanners. Notes:  Some service providers do not adhere to this rule. This parameter is not available on the OBi100 and OBi110 devices.


[End: Obihai Support Response]
 
« Last Edit: September 24, 2015, 11:01:23 am by OBiSupport » Logged
Ostracus
Hero Member
*****
Posts: 576


« Reply #1 on: September 06, 2012, 07:42:41 am »

An idea. Some routers basically have a "parental" feature were one can turn on and off access to a particular IP address on a time basis. In this case it could be an Obi unit. Give your unit a static address and see if denying access during your night hours helps?
Logged
lacibaci
Jr. Member
**
Posts: 49


« Reply #2 on: September 06, 2012, 07:58:28 am »

Yes, I could do this.  I could also create a firewall rule to disable all traffic to OBi except Callcentric IP range.  I was hoping for a cleaner solution though.

It would be awesome if OBi had a setting "AllowCallsFromRegisteredServers"
Logged
ianobi
Hero Member & Beta Tester
*****
Posts: 1828


« Reply #3 on: September 06, 2012, 09:38:15 am »

It may be worth looking at Peer Number in Call History to see what the scanners identity looks like. The scanners calling me at 2am used numbers like 100, 1000, 1001. I put this rule in one of my X_InboundCallRoute:

{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx):} ...

It bans any blank caller id and any caller id less that seven digits. It's been working for me for a long time. Also can be worth changing your X_UserAgentPort from 5060 and 5061 to maybe 5070 and 5071.
Logged
lacibaci
Jr. Member
**
Posts: 49


« Reply #4 on: September 06, 2012, 04:54:47 pm »

X_InboundCallRoute seems like a good enough temporary solution.  One more question: Does it get logged when it matches?
Logged
ianobi
Hero Member & Beta Tester
*****
Posts: 1828


« Reply #5 on: September 06, 2012, 11:14:21 pm »

No. The failed calls do not get logged. In effect they do not get into your Obi, so nothing is recorded. You know it's working because you sleep better  Smiley
Logged
lacibaci
Jr. Member
**
Posts: 49


« Reply #6 on: September 07, 2012, 06:57:18 pm »

Ok, something weird happened. I disabled SP2 and OBiTALK and I haven't gotten single rogue ring.  Go figure...
Logged
ianobi
Hero Member & Beta Tester
*****
Posts: 1828


« Reply #7 on: September 08, 2012, 01:10:58 am »

It would be interesting to look in Call History to see exactly where the rogue calls were coming from. You have to access the OBi directly to see Call History. Dial ***1 to get the ip address. It will show the last 200 calls.
Logged
lacibaci
Jr. Member
**
Posts: 49


« Reply #8 on: September 08, 2012, 07:34:03 am »

It does show that all of them came through SP1.  Is it possible that when SP2 and OBiTALK are enabled (even if not configured or used) opens OBi100 enough so that it is vulnerable to these scans?
Logged
ianobi
Hero Member & Beta Tester
*****
Posts: 1828


« Reply #9 on: September 08, 2012, 08:14:39 am »

Do the calls appear in your Callcentric log? I'm guessing probably not. I think the scanners are dialling random IP addresses and testing port 5060, which is default for most SIP devices and default for X_UserAgentPort on the OBi for sp1. You could change the X_UserAgentPort to 5070.

I cannot see any reason why enabling sp2 and OBiTALK should make any difference, but I'm not an expert with router type config settings.
Logged
ProfTech
Sr. Member
****
Posts: 418


« Reply #10 on: September 08, 2012, 10:51:56 am »

If disabling Obitalk solved your issue that's great, however even though the Obi doesn't allow the nomenclature 204.11.192.0/22 in the access list, I simply manually entered the addresses 204.11.192.20 thru .39 in my access list and haven't seen a problem. I think the field allows 512 characters and those are the only IP's I've seen pop up as registered. Just list the IP addresses with a comma separating each one and no spaces in the list.
Logged
lacibaci
Jr. Member
**
Posts: 49


« Reply #11 on: September 08, 2012, 04:39:59 pm »

Ok. BTW, Callcentric just sent me their updated list:

204.11.192.0/24 (204.11.192.0 - 204.11.192.255)
66.193.176.0/24 (66.193.176.0 - 66.193.176.255)
Logged
tome
Full Member
***
Posts: 167


« Reply #12 on: September 09, 2012, 12:22:20 pm »

It may be worth looking at Peer Number in Call History to see what the scanners identity looks like. The scanners calling me at 2am used numbers like 100, 1000, 1001. I put this rule in one of my X_InboundCallRoute:

{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx):} ...

It bans any blank caller id and any caller id less that seven digits. It's been working for me for a long time. Also can be worth changing your X_UserAgentPort from 5060 and 5061 to maybe 5070 and 5071.

I have gotten calls from odd numbers like "1" or "100" at stupid times.  I also get ones from "unknown" as well.  I would love to stop these.

First, for the X_InboundCallRoute are you talking about
Voice Services -> SP2 Serivce -> X_InboundCallRoute ?
And if so, I currently have "ph" (minus the quotes) in that place.  Should I leave ph or add it to the end of what you have or delete it....?

For example when I am done should it read as below?
{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx):ph}

Second, will this also stop the "unknown" calls?

Below are a couple calls from my log:
http://bgp.nu/~tom/pub/badcall1.jpg
http://bgp.nu/~tom/pub/badcall2.jpg
Logged
lacibaci
Jr. Member
**
Posts: 49


« Reply #13 on: September 09, 2012, 12:28:02 pm »

If your current entry is ph or {ph} change it to:

{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx):},{ph}

Lac
Logged
tome
Full Member
***
Posts: 167


« Reply #14 on: September 09, 2012, 12:31:45 pm »

If your current entry is ph or {ph} change it to:

{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx):},{ph}

Lac


Thanks. Should I add this to both SP1 and SP2 or just SP2.  ph, says ring the Phone Port if I am not mistaken, yes?  So if I have it blank, as you do, is ph implied?

Also do you know how to also get rid of calls from "unknown"?

Tom
Logged
lacibaci
Jr. Member
**
Posts: 49


« Reply #15 on: September 09, 2012, 12:34:35 pm »

If you have two providers set it for both, sp1 and sp2. I have only one (Callcentric) so I set it on sp1 only.
Logged
ianobi
Hero Member & Beta Tester
*****
Posts: 1828


« Reply #16 on: September 09, 2012, 11:37:47 pm »

{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|un@@.|anon@@.):},{ph}

This will ban calls with no Peer Number, any Peer Number less than seven digits, Peer Number "unknown" and Peer Number "anonymous".

Sleep well  Smiley
Logged
tome
Full Member
***
Posts: 167


« Reply #17 on: September 10, 2012, 04:24:15 am »

{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|un@@.|anon@@.):},{ph}

This will ban calls with no Peer Number, any Peer Number less than seven digits, Peer Number "unknown" and Peer Number "anonymous".

Sleep well  Smiley

Yay, I will!  Thanks!
Tom
Logged
kevin8629
Newbie
*
Posts: 5


« Reply #18 on: September 20, 2012, 10:44:55 am »

{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|un@@.|anon@@.):},{ph}

This will ban calls with no Peer Number, any Peer Number less than seven digits, Peer Number "unknown" and Peer Number "anonymous".

Sleep well  Smiley
What am I doing wrong.  I keep cutting and pasting this into inbound call route.  I submit changes and then reboot.  Its there, but when I close the window or change screens it goes back to ph and the box is check beside it again.  Please help
Logged
ianobi
Hero Member & Beta Tester
*****
Posts: 1828


« Reply #19 on: September 21, 2012, 12:52:13 am »

kevin8629,

I guess you are making changes using the web page. Your changes are being over written by the OBi Portal. Read this:

http://www.obitalk.com/forum/index.php?topic=61.msg109#msg109

I suggest you use the OBi Portal via the expert pages at least until you get familiar with the OBi. Click on your OBi device on the Dashboard and follow prompts to get to the Expert Pages.

I'm going to assume you do changes from the portal via the expert pages. To make a change to a value uncheck both boxes to the right of that value, leave them unchecked, make your changes, then press submit and wait for the OBi to reboot. Each page needs a submit/reboot before you move to another page.

Logged
Pages: [1] 2 3 ... 10
  Print  
 
Jump to:  

Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC