SIP scanners
ianobi:
thegoat54,
Scan back to reply #50 in this thread.
"@" will match one number or one letter, "@." will match none or more numbers or none or more letters. For example admin@. will block all of the cases you saw beginning with the letters "admin".
Hortoristic:
I'm using: {(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|xxxxxxx|xxxxxxxx|xxxxxxxxx):},{ph}
However I do want to accept calls from "Unknown" (work work office) - what can I change?
Quote from: thegoat54 on February 20, 2013, 04:30:24 am
Hi everyone,
So I haven't been bothered by calls for a while by using this string.
{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|xxxxxxx|xxxxxxxx|xxxxxxxxx):},{ph}
Keep in mind I was still using port 5060.
This morning I had the mother of all attacks. In the past, I would receive 1 SIP call and then it would stop. Today someone kept on trying!! I got calls with the following ID's
user1, administrator, admin, admin1, admin12, admin123, admin1234, admin12345, office, office1, office12, office123, office1234, office12345, guest, guest1,guest12
And then I logged in and change my SP1 port to 5076, and SP2 port to 5077 and then the calls stopped.
Wow, talk about abusive. I wonder how long it would have gone for?
Anyhow, all this names came up with no number attached to them. Just a caller ID name. Can we block names without numbers?
oleg:
I've also received scanner calls on OBI202 and trying to filter them out.
First of all - I am running OBi202 on custom port (let's say 5078), but scanners finally got there :-(
I do not like the idea to guess about caller id (the way discussed above), this way I would potentially filter out legitimate calls. I would rather match callee id.
This should be possible to do, as explained in "Inbound Call Route Configuration" of "OBi Device Administration Guide"...
"SIP URI" is the address which your peer sends in "invite" request to call you: like this "INVITE sip:123456789@12.34.56.78:5078 SIP/2.0..."
If my SIP URI was "123456789@sip.myhost.com:5078" - I could set X_InboundCallRoute as ">123456789:ph1,ph2" - than only a call with correct URI would pass through. I tried this and it worked.
However, my SIP URI includes letters, for example "myname@sip.myhost.com:5078" or "123456_name@sip.myhost.com:5078". Simply putting alphanumeric id (>myname:ph1,ph2) did not work. Ive tried some wildcards like >12345_@.:ph1,ph2 or >[mynae].:ph1,ph2 nothing worked. I did not succeed to make the filter working with non-numeric id.
Has anybody tried / used it? Any ideas?
Thank you
Shale:
Quote from: oleg on March 20, 2013, 03:21:43 pm
>12345_@.:ph1,ph2
I would try >'12345_'@.:ph1,ph2 or >'mynae'@.:ph1,ph2
or some such... Actually I don't know what it is you are trying to match, but in any case, try single quotes. The admin guide says "literals - Everything inside a pair of single quotes is treated as a literal except for the single quote () character. "
oleg:
I've tried single quotes (sorry, forgot to mention) - it did not work.
In other words Inbound Call Route ">'myname':ph1,ph2'" blocks call to "myname@12.34.56.78:5078".
Now I've tried to use double quotes - the result was quite surprising - filter allowed everything to come through (either matching or not).
Does not work anyway...
Navigation
[0] Message Index
[#] Next page
[*] Previous page