SIP scanners
Rick:
I guess I have to set aside a few hours to get this done. Basically I want 911 and 933 to go out on SP2, and ANY OTHER CALL to go out on a Voice Gateway that I'll set up with a cheap outbound service. So the Outbound Call Route should be fairly short and simple.
pvpham:
Hi,
Due to my ignorance, I totally lost reading these post. I would like to implement Oleg's method to block Sip scanner.
I currently have PhonePower on Sp1, CallCentric on Sp2.
My X_InboundCallRoute is now like this: {my_CC_ID>(Msp1):sp1},{101>1777xxxxxxx:aa},{ph}
I recalled the above setting is to ring my cell phone .
How do I implement the Oleg's string to my X_InboundCallRoute .
Thanks
DPMc:
Dear ObiHai,
I can not find the way to make the change as outlined in part 2 of the instructions on the first post in this page. Would you please tell me where to find it on the ObiTalk 100?
2. A more fool-proof method is to enable the parameter: X_EnforceRequestUserID. This parameter is under SPn in the SIP Credentials section. What this does, is it makes sure the incoming INVITE has a User ID that matches the User ID of your SIP service account. If it does not match, the INVITE will be rejected and the phone will not ring. Enabling this parameter will maintain normal voice service as well as block SIP scanners. Notes: Some service providers do not adhere to this rule. This parameter is not available on the OBi100 and OBi110 devices.
http://www.obitalk.com/obinet/pg/obhdev/config/2251269/advcfg_VS_1_VP_1_L_1_?inst=1
2. A more fool-proof method is to enable the parameter: X_EnforceRequestUserID. This parameter is under SPn in the SIP Credentials section. What this does, is it makes sure the incoming INVITE has a User ID that matches the User ID of your SIP service account. If it does not match, the INVITE will be rejected and the phone will not ring. Enabling this parameter will maintain normal voice service as well as block SIP scanners. Notes: Some service providers do not adhere to this rule. This parameter is not available on the OBi100 and OBi110 devices.[/color]
[End: Obihai Support Response]
[/quote]
Mango:
X_EnforceRequestUserID is a feature not available on the OBi1 series. For the same behaviour, set your SPx Service X_InboundCallRoute to: {>Insert your AuthUserName here:ph}
However, I disagree that this is a "more fool-proof method". With this method, the OBi will still accept, then reject the scanning traffic, indicating to a hacker that a device is present. If one day someone finds an exploit in OBi devices, all devices using this method will be hacked fairly quickly and most likely used to make expensive long distance calls.
The best way to prevent SIP scanners is with a firewall. In this case, the hacker will have no indication that VoIP equipment exists. Never use port forwarding or DMZ with any VoIP equipment as this disables your firewall. If you don't use port forwarding or DMZ and still receive scanning calls, you should consider replacing your router with a more secure one, such as any router with Tomato firmware: http://tomato.groov.pl/?page_id=69
ScottS:
Hi, where is this setting in the Obi302> "EnforceRequestUserID" ?
Quote from: lacibaci on September 06, 2012, 05:50:04 am
A more fool-proof method is to enable the parameter: X_. This parameter is under SPn in the SIP Credentials section. What this does, is it makes sure the incoming INVITE has a User ID that matches the User ID of your SIP service account. If it does not match, the INVITE will be rejected and the phone will not ring. Enabling this parameter will maintain normal voice service as well as block SIP scanners. Notes: Some service providers do not adhere to this rule. This parameter is not available on the OBi100 and OBi110 devices.[/color]
[End: Obihai Support Response]
Navigation
[0] Message Index
[#] Next page
[*] Previous page