Blocking inbound SIP spam calls
drdigital1:
I switched my AT&T landline to obi + anveo in order to get rid of telemarketer calls. This worked out perfectly.
A few weeks ago I switched ISP (from Comcast to AT&T; AT&T supplies the gateway so I also have a new router because of the switch). Since then, I've been getting (at 4AM or so!) SIP spam calls (anveo logs, of course,do not show these calls). Calls had a CID of 100, some were from SIPVICIOUS.
I implemented the changes shown at http://www.obitalk.com/forum/index.php?topic=1104.0 and with 3 digit calls blocked, no more SIP spam calls for a week. This morning, I got 3 calls from CID 1001 – since I only blocked 3 digit calls, these went through. I will block all calls with CID less than 10 digits but this doesn't look like an insurmountable obstacle for spammers – won’t they use 10 digit CID?
Given that my problem has never happened with Comcast and with my old router, I believe that there must be a solution where only calls coming from anveo are allowed; everything else should be blocked. If not a router set up, then, for sure, it should be possible to set up obi (I use obi202) to block calls not coming from my registered service provider (anveo), shouldn't it?
Any recommendation?
Many thanks,
ianobi:
Three actions can be taken:
1. Change:
Voice Services -> SP1 Service -> X_UserAgentPort : 5060
5060 is the most likely target as it’s a standard SIP “listening port”. I would change all the UserAgentPorts to some obscure range, maybe 5470, 5471 etc.
2. Set a good InboundCallRoute trap on each sp. Currently I’m using:
Voice Services > SP1 Service > X_InboundCallRoute:
{(?|@|@@|@@@|@@@@|@@@@@|@@@@@@):},{ph}
This stops calls with no CallerID and any CallerID with less than seven alphanumeric characters. CallerIDs such as 100, 1001, test1, admin etc are stopped.
3. Configure:
Service Providers -> ITSP Profile x -> SIP -> X_AccessList
Quote from RonR:
Quote
It's possible for calls to come directly into your OBi. The OBi accepts SIP URI calls addressed to <anything>@your_ipaddress:5060 if SP1 is configured for SIP and <anything>@your_ipaddress:5061 if SP2 is configured for SIP.
You can prevent unauthorized SIP activity by configuring:
Service Providers -> ITSP Profile x -> SIP -> X_AccessList
with a list of IP addresses authorized to communicate with that particular SPx Service.
Generally, this list contains your service provider's IP address and the IP addresses of anyone you expect to get SIP URI calls from.
I have found just using items 1 and 2 above was enough to stop all nuisance calls.
It is odd how the spam calls always come in the early hours of the morning, no matter what time zone you live in >:(
RFord:
Would number 2 prevent calls with CNAM of "SIPVICIOUS"? This happens to have 10 alpha characters. I do agree that Item 1 & 2 would probably solve the bulk of the problems. Recently I have gotten these calls on my IP Phone (Panasonic, registered to my VOIP provider, VOIP. ms) and the SIP port was not set to 5060 ( I was using 5070 and 5080 on the two lines the calls came in on) or was there any port forwarding from the Router to the IP Phone. The caller ID was coming first as 1000, which I blocked and then they came in as 1001. They seem to be getting very clever with their scanning abilities. Maybe they are reading these forums to see what countermeasures people are using. ;)
Quote from: ianobi on March 09, 2013, 09:39:44 am
2. Set a good InboundCallRoute trap on each sp. Currently I’m using:
Voice Services > SP1 Service > X_InboundCallRoute:
{(?|@|@@|@@@|@@@@|@@@@@|@@@@@@):},{ph}
This stops calls with no CallerID and any CallerID with less than seven alphanumeric characters. CallerIDs such as 100, 1001, test1, admin etc are stopped.
ianobi:
Quote
Maybe they are reading these forums to see what countermeasures people are using.
I hope not, but you may be right! I've been sleeping well since I implemented 1 and 2 above, so I'm hopeful that we are ahead of the scanners/spammers/scammers :)
If "SIPVICIOUS" is recorded in the OBi as Status > Call History > Peer Name, then it should not have any effect. The OBi only routes incoming calls according to CallerID, which it records in the OBi as Status > Call History > Peer Number. So it's whatever is recorded in Peer Number that matters when it comes to blocking a call.
drdigital1:
Thanks for the quick reply. I already did the port change and blocked less than 10 digit CID.
I have not tried your 3rd suggestion (from RonR) though.
Quote
You can prevent unauthorized SIP activity by configuring:
Service Providers -> ITSP Profile x -> SIP -> X_AccessList
with a list of IP addresses authorized to communicate with that particular SPx Service.
Generally, this list contains your service provider's IP address and the IP addresses of anyone you expect to get SIP URI calls from.
This might be a stupid question, but how do I figure out the IP address for my service provider (anveo) that I should fill in?
Navigation
[0] Message Index
[#] Next page