SIP scanners
rsriram22:
Quote from: ianobi on September 06, 2012, 09:38:15 am
It may be worth looking at Peer Number in Call History to see what the scanners identity looks like. The scanners calling me at 2am used numbers like 100, 1000, 1001. I put this rule in one of my X_InboundCallRoute:
{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx):} ...
It bans any blank caller id and any caller id less that seven digits. It's been working for me for a long time. Also can be worth changing your X_UserAgentPort from 5060 and 5061 to maybe 5070 and 5071.
i just had calls coming from 1000,100 (during my daytime and a holiday).. did change the call route as suggested in this thread and changed my SP2 port. so lets see what happens
what is weird is that syslog has entries coming from my obi's LAN IP (Lan 192.168.1.x) -- hackers are getting smarter by the day! obi calling itself !!
Hortoristic:
These SIP scanner calls, how do you know your getting them? When you answer, it just hangs up?
I'm getting calls from "From '0' SP1(0)" in my call history, and hangs up right away - does this look like a SIP scanner?
Also; what is the purpose of these folks doing this - are they collecting real phone numbers to give to telemarketers or what? Wouldn't a robo call machine function the same way and just sit there and call a range of numbers, collecting the ones that were answered?
ianobi:
Who and why is not easy to answer ??? Is this really what you see in Call History > Peer Number:
From '0' SP1(0)
If so, then that's a new one! If it is an ongoing nuisance you could try something like this in the relevant InboundCallRoute:
{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|Fro@@.):},{ph}
See earlier in this thread for explanations.
giqcass:
Even SIP devices can be used to hack your internal network if they aren't set up properly. When someone is port scanning that's usually what they are trying to do. They might not be looking for a SIP device at all. They may be scanning all ports. They may be looking for a specific SIP device that has a vulnerability. Then they can hijack it to make outbound calls, steal passwords, ect.. The one thing you can be pretty sure of is whatever they plan to do it isn't going to benefit you.
QBZappy:
giqcass,
You wonder why these guys just don't get themselves a free GV account. It would save everyone a lot of work. :D
Navigation
[0] Message Index
[#] Next page
[*] Previous page