News:

On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT

Main Menu

SIP scanners

Started by lacibaci, September 06, 2012, 05:50:04 AM

Previous topic - Next topic

ianobi

QuoteHere is a trick you can do to determine the username.
Temporarily add {sp1($2)} to the beginning of your SP2 X_InboundCallRoute, then call your SP2 phone number.

That is a neat trick. I'm filing that one away for future use ...   :)

giqcass

Quote from: ianobi on February 04, 2014, 04:41:49 AM
QuoteHere is a trick you can do to determine the username.
Temporarily add {sp1($2)} to the beginning of your SP2 X_InboundCallRoute, then call your SP2 phone number.

That is a neat trick. I'm filing that one away for future use ...   :)
I saved it to my file already. lol
Long live our new ObiLords!

Rick

I've now setup Callcentric on both SP1 and SP2 on my 110.  I got 2 free DIDs, and setup GV to forward my two numbers, one to each of them.  Works great.

Then, I setup SP2 with the {>1777xxxxxxx:ph} and it worked fine.

I now want to setup SP1 also.  Since it uses an extension, it's 1777xxxxxxx101.  I tried that, and nothing comes through (this is the peer number displayed in history).  I tried using it without the extension, and nothing comes through, which doesn't surprise me. 

Ideas welcome.


Rick

I read that (earlier in the thread), tried it, but got nothing new.  Perhaps I was doing it wrong.  If SP2 works today and is setup just fine, and SP1 is just plain PH, I change that to:

{sp2($2)}:ph    ?

I want to discover what to put in the SP1 X_Inbound Call Route.

Thanks!

Shale

Quote from: Rick on May 14, 2014, 02:06:06 PMIf SP2 works today and is setup just fine, and SP1 is just plain PH, I change that to:

{sp2($2)}:ph    ?

I want to discover what to put in the SP1 X_Inbound Call Route.

Thanks!
I am thinking that would be
{sp2($2)},{ph}

Rick

What that shows me is the Callcentric number with the extension after it, and when I used that it didn't ring at all. 

I guess I'll worry about it when I start getting callers in the middle of the night on that line.

azrobert

Try:
{>(1777xx.):ph}

Rick

Thanks, that worked (i.e. call came through).

So that restricts it to receiving Callcentric calls only, correct?  Appreciate it.

Now I have to figure out how to setup a Voice Gateway for all my outbound calls to automatically use the gateway, not SP1 or SP2  :)

Shale

Quote from: Rick on May 15, 2014, 01:08:38 PM
Thanks, that worked (i.e. call came through).

So that restricts it to receiving Callcentric calls only, correct?  Appreciate it.

Now I have to figure out how to setup a Voice Gateway for all my outbound calls to automatically use the gateway, not SP1 or SP2  :)
Depends on what you mean by a Callcentric call. Non-Callcentric users will be able to dial your phone number that is served by Callcentric.

Regarding gateway, set it up to test first.

On phone OutboundCallRoute, I think that is processed left to right. So if you add {(Mvg1):vg1}, after your 911 processing and after your **1, **2 etc processing, and before other things that you want to have less precedence, then if the number matches the DigitMap for VG1, then the number will be sent out on the VG1 service. If it does not, then the next thing in the routing will be processed. The last thing in the OutboundCallRoute would normally be ,{(Mpli):pli} -- so that things that don't match the special cases go out on the Primary Line.

If VG1 were a choice for your Primary Line, you could just select that. It looks like you could maybe put VG1 into a trunk group and make that the Primary. I have not tried trunk groups.



Rick

I guess I have to set aside a few hours to get this done.  Basically I want 911 and 933 to go out on SP2, and ANY OTHER CALL to go out on a Voice Gateway that I'll set up with a cheap outbound service.  So the Outbound Call Route should be fairly short and simple.

pvpham

Hi,

Due to my ignorance, I totally lost reading these post. I would like to implement Oleg's method to block Sip scanner.

I currently have PhonePower on Sp1, CallCentric on Sp2.

My X_InboundCallRoute is now like this: {my_CC_ID>(Msp1):sp1},{101>1777xxxxxxx:aa},{ph}

I recalled the above setting is to ring my cell phone .

How do I implement the Oleg's string to my X_InboundCallRoute .

Thanks

DPMc

Dear ObiHai,

I can not find the way to make the change as outlined in part 2 of the instructions on the first post in this page. Would you please tell me where to find it on the ObiTalk 100?

2. A more fool-proof method is to enable the parameter: X_EnforceRequestUserID. This parameter is under SPn in the SIP Credentials section.   What this does, is it makes sure the incoming INVITE has a User ID that matches the User ID of your SIP service account. If it does not match, the INVITE will be rejected and the phone will not ring.  Enabling this parameter will maintain normal voice service as well as block SIP scanners. Notes:  Some service providers do not adhere to this rule. This parameter is not available on the OBi100 and OBi110 devices.
http://www.obitalk.com/obinet/pg/obhdev/config/2251269/advcfg_VS_1_VP_1_L_1_?inst=1


2. A more fool-proof method is to enable the parameter: X_EnforceRequestUserID. This parameter is under SPn in the SIP Credentials section.   What this does, is it makes sure the incoming INVITE has a User ID that matches the User ID of your SIP service account. If it does not match, the INVITE will be rejected and the phone will not ring.  Enabling this parameter will maintain normal voice service as well as block SIP scanners. Notes:  Some service providers do not adhere to this rule. This parameter is not available on the OBi100 and OBi110 devices.[/color]

[End: Obihai Support Response]


[/quote]

Mango

#173
X_EnforceRequestUserID is a feature not available on the OBi1 series.  For the same behaviour, set your SPx Service X_InboundCallRoute to: {>Insert your AuthUserName here:ph}

However, I disagree that this is a "more fool-proof method".  With this method, the OBi will still accept, then reject the scanning traffic, indicating to a hacker that a device is present.  If one day someone finds an exploit in OBi devices, all devices using this method will be hacked fairly quickly and most likely used to make expensive long distance calls.

The best way to prevent SIP scanners is with a firewall.  In this case, the hacker will have no indication that VoIP equipment exists.  Never use port forwarding or DMZ with any VoIP equipment as this disables your firewall.  If you don't use port forwarding or DMZ and still receive scanning calls, you should consider replacing your router with a more secure one, such as any router with Tomato firmware: http://tomato.groov.pl/?page_id=69

ScottS

Hi, where is this setting in the Obi302> "EnforceRequestUserID" ?

Quote from: lacibaci on September 06, 2012, 05:50:04 AM
A more fool-proof method is to enable the parameter: X_. This parameter is under SPn in the SIP Credentials section.   What this does, is it makes sure the incoming INVITE has a User ID that matches the User ID of your SIP service account. If it does not match, the INVITE will be rejected and the phone will not ring.  Enabling this parameter will maintain normal voice service as well as block SIP scanners. Notes:  Some service providers do not adhere to this rule. This parameter is not available on the OBi100 and OBi110 devices.[/color]

[End: Obihai Support Response]



Taoman

Quote from: ScottS on February 10, 2018, 03:11:41 PM
Hi, where is this setting in the Obi302> "EnforceRequestUserID" ?


I only have the 1xx and 2xx series but I assume it would be in the same location:

Voice Services-->SPx Service-->SIP Credentials

ScottS

#176
yes TY! obiTalk parameter was unchecked by me.

found Inbound routing unchecked both and edited to block
& Have been using back up feature.
IF both Inbound routing boxes unchecked, it appears that line is not saved. I searched in wordpad but not found.
so started a text file to save that line.
What else should I do? I have several backups now JIC.  
TY!

Taoman

Quote from: ScottS on February 12, 2018, 03:08:28 PM

What else should I do? 


Voice Services-->SPn Service-->X_AcceptSipFromRegistrarOnly

Check the box for that parameter.

ScottS

#178
Phonepower list setup 
Click the Enter OBi Expert button.
Click to enlarge
• On the left hand side of the new page, expand the menu for Service Providers by clicking on it.
Click to enlarge
• Click on ITSP Profile A SIP.
Click to enlarge
• Scroll down until you see the section for X_AccessList.
Click to enlarge
• Click the box on the checked box on the far right to uncheck the box.
• In the text entry box to the right of "X_AccessList" please enter

   208.64.8.6,206.15.130.6,206.15.150.6

Works on my Obii302s w/ latest firmware

Quote from: lacibaci on September 06, 2012, 05:50:04 AM
Is there a way of preventing SIP scanners from ringing my phone at night?....
...

flamaest@gmail.com

Quote from: ScottS on April 02, 2018, 11:35:48 AM
Phonepower list setup 
Click the Enter OBi Expert button.
Click to enlarge
• On the left hand side of the new page, expand the menu for Service Providers by clicking on it.
Click to enlarge
• Click on ITSP Profile A SIP.
Click to enlarge
• Scroll down until you see the section for X_AccessList.
Click to enlarge
• Click the box on the checked box on the far right to uncheck the box.
• In the text entry box to the right of "X_AccessList" please enter

   208.64.8.6,206.15.130.6,206.15.150.6

Works on my Obii302s w/ latest firmware

Quote from: lacibaci on September 06, 2012, 05:50:04 AM
Is there a way of preventing SIP scanners from ringing my phone at night?....
...

Can we please get these steps detailed for an OBIHAI 202 which is just using GVoice?  I turned off DMZ on my router and I still see {much less} phantom calls come in, but the ones that make it through into the obihai are sometimes at 2 or 3 am!  I am about to toss this thing in the garbage.