OBi, please help us defeat SIP scanners/spammers

Started by lacibaci, December 23, 2012, 06:40:34 PM



OBi, please help us defeat SIP scanners/spammers by implementing one or both feature requests mentioned here:

Reject SIP requests except from registration server

Please allow IP range in X_Access List to stop SIP Scanners

Either would help out tremendously. Currently I have to resort to firewall rules and inbound rules. X_AccessList with its 512-character limit is not useful for VoIP providers with a large number of servers.
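
The gap between a per-address access list and the range-based filter requested above, as an added example that is not part of the original post or of OBi firmware. It assumes X_AccessList holds comma-separated single addresses; the provider ranges (RFC 5737 documentation addresses) and the SIP request lines are constructed.

```python
import ipaddress

ACCESS_LIST_LIMIT = 512  # X_AccessList character limit cited in the post above

# Constructed provider ranges (documentation addresses, not a real provider).
PROVIDER_RANGES = ["192.0.2.0/26", "198.51.100.16/28"]

# Constructed inbound SIP requests: (source IP, request line).
SAMPLE_REQUESTS = [
    ("192.0.2.17", "INVITE sip:15551230000@203.0.113.5:23456 SIP/2.0"),
    ("198.51.100.20", "OPTIONS sip:15551230000@203.0.113.5:23456 SIP/2.0"),
    ("203.0.113.99", "INVITE sip:1000@203.0.113.5:23456 SIP/2.0"),
    ("198.51.100.40", "INVITE sip:1001@203.0.113.5:23456 SIP/2.0"),
]

def parse_ranges(cidrs):
    """Turn CIDR strings into network objects; raises ValueError on bad input."""
    return [ipaddress.ip_network(c) for c in cidrs]

def per_address_list(networks):
    """Every address of every range, comma-separated (assumed list format)."""
    return ",".join(str(ip) for net in networks for ip in net)

def fits_access_list(networks, limit=ACCESS_LIST_LIMIT):
    """True if the per-address expansion fits within the character limit."""
    return len(per_address_list(networks)) <= limit

def is_trusted(src_ip, networks):
    """Range check: is the packet's source inside any provider range?"""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in networks)

def filter_requests(requests, networks):
    """Split requests into accepted and dropped as (source, SIP method) pairs."""
    accepted, dropped = [], []
    for src, line in requests:
        bucket = accepted if is_trusted(src, networks) else dropped
        bucket.append((src, line.split()[0]))
    return accepted, dropped

if __name__ == "__main__":
    nets = parse_ranges(PROVIDER_RANGES)
    print("range form:", len(",".join(PROVIDER_RANGES)), "chars")
    print("per-address form:", len(per_address_list(nets)), "chars,",
          "fits" if fits_access_list(nets) else "exceeds limit")
    accepted, dropped = filter_requests(SAMPLE_REQUESTS, nets)
    print("accepted:", accepted)
    print("dropped:", dropped)
```

Two small provider ranges (80 addresses) already overflow a 512-character per-address list, while the same policy written as ranges takes 29 characters.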





Add me to the list of users requesting this feature. 


Add my voice to the list. Again last night I was scanned / spammed. I had to re-add the x_accesslist to my latest setup. The phone wouldn't stop ringing.


For anyone having this problem, double check that you remembered to set:

Voice Services >> SPx Service >> X_UserAgentPort: (some random number greater than 1024 20000 and less than 65535)


Another day and the phone rings in the middle of the night... :( Something should seriously be done about this.

How hard would it be to implement just ONE of the features mentioned above?

I am almost at the point of dumping this hardware and getting something else...



Quote from: Mango on March 15, 2013, 06:35:56 PM
What was your X_UserAgentPort set to?

It's not the default (5060), but changing the port and playing with access list/rules is not working for the long haul. For hackers it's very easy to scan other ports (or ranges).
What we need is a real fix from OBi. I doubt it would take more than a couple of hours to implement the first one (Reject SIP requests except from registration server).

How about that OBi?


Out of curiosity, could you PM me what the port number was?  I'm curious because this is the first time I have heard of scanners using a nonstandard port.


I thought better of my recommendation above.  Until you have another solution, you might want to try a random number between 20000 and 65535.


Quote from: Mango on March 19, 2013, 05:46:13 AM
What was your X_UserAgentPort set to?

It was not the default, nor in the 506x range.


Ironic, that we got a fairly sophisticated comment spam (konglo) in the thread discussing SIP spam.


 I had to re add the x_accesslist to my latest setup.


HOWTO: Thwarting SIP Scanners during Set-up

Quote
Note: Things changed for the better about June/July 2013. OBiTalk has been implementing method 4, Oleg method described below, for at least some of the SIP providers by default. If your provider is not one that OBiTalk lists or if you get a SIP scan, or if you have overridden the X_InboundCallRoute so that OBiTalk does not control the field, or if you choose to not use OBiTalk, the information below will still apply. (note #j)
     =========The need for the following has been reduced========

I'm assuming X_UserAgentPort needs to be unique when multiple obi on LAN (and unique among multiple IP phone control ports)

By using an X_UserAgentPort outside 5060-5080 what pfSense WAN- and LAN rules would the gurus suggest?

I'm using pfsense on the recommendation of one more tech than myself as my previous router had undisablable sip alg.


are your OBIs not sitting behind a firewall?  (not routing, not-NAT, merely firewall IDS)