SIP scanners

(1/37) > >>

lacibaci:
Is there a way of preventing SIP scanners from ringing my phone at night?

I tried looking into X_AccessList to limit incoming calls only from Callcentric but the inability of OBi100 to specify range makes it impossible (CC range is 204.11.192.0/22)

Maybe there is way to restrict calls coming from registered server using X_InboundCallRoute?

[Obihai Support Response]

There are several ways to block SIP scanners. Here are two common ways:

1. A simple way to thwart SIP scanners is to change the SP1 X_UserAgentPort to a non-standard value, such as 35060.   If you have multiple SIP services running on your OBi, remember to make sure each SPn uses a different User Agent port. This trick will stop most SIP scanners if they are only targeting the commonly used port 5060.

2. A more fool-proof method is to enable the parameter: X_EnforceRequestUserID. This parameter is under SPn in the SIP Credentials section.   What this does, is it makes sure the incoming INVITE has a User ID that matches the User ID of your SIP service account. If it does not match, the INVITE will be rejected and the phone will not ring.  Enabling this parameter will maintain normal voice service as well as block SIP scanners. Notes:  Some service providers do not adhere to this rule. This parameter is not available on the OBi100 and OBi110 devices.

[End: Obihai Support Response]
 

Ostracus:
An idea. Some routers basically have a "parental" feature were one can turn on and off access to a particular IP address on a time basis. In this case it could be an Obi unit. Give your unit a static address and see if denying access during your night hours helps?

lacibaci:
Yes, I could do this.  I could also create a firewall rule to disable all traffic to OBi except Callcentric IP range.  I was hoping for a cleaner solution though.

It would be awesome if OBi had a setting "AllowCallsFromRegisteredServers"

ianobi:
It may be worth looking at Peer Number in Call History to see what the scanners identity looks like. The scanners calling me at 2am used numbers like 100, 1000, 1001. I put this rule in one of my X_InboundCallRoute:

{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx):} ...

It bans any blank caller id and any caller id less that seven digits. It's been working for me for a long time. Also can be worth changing your X_UserAgentPort from 5060 and 5061 to maybe 5070 and 5071.

lacibaci:
X_InboundCallRoute seems like a good enough temporary solution.  One more question: Does it get logged when it matches?

Navigation

[0] Message Index

[#] Next page