HOWTO: Thwarting SIP Scanners during Set-up


Ostracus:
Quote from: Felix on March 23, 2013, 10:24:45 pm

The more I am thinking, Oleg's solution (#4) is bulletproof and doesn't have negative side effects. In other words, it's ideal.

Or what would be the situation when this wouldn't work? I assume that your adapter is not in DMZ; so if it is not registered with a provider, the port is closed to the internet. And if it is registered, then you have some kind of id that you can match against X_InboundCallRoute.

Am I missing something? I don't know Oleg (I wish I knew), but it looks like a solution that is genius in its simplicity  :D


Maybe Obihai would include it in their production digitmaps? Or at least the portal.

MattG:
I want to say thank you for the work so many of you have done. I still consider myself a newbie when it comes to VoIP and SIP, and last night was the first time I've had issues with SIP scanners during the night (started at 3am and every 5 min till 8am). With just a few minutes research, you guys had explained and answered all my questions.

Minor tweak to your setup instruction, as a newbie with CallCentric service I was following every character
"{>:17771234567:ph}  [after adding protection from SIP scanners]" It didn't work till I took out the first ":" {>17771234567:ph}

Thanks Again
Matt
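The check discussed in the posts above (accept an inbound call only when the called ID matches the ID the device registered with) modeled in Python as an added example; it is not code from this thread or from Obihai and does not reproduce the OBi's own route matching. The INVITE request lines are constructed samples, the function names are hypothetical, and 17771234567 is the example number from the post above.

```python
import re

# Request line of a SIP INVITE: "INVITE sip:user@host[:port][;params] SIP/2.0"
REQUEST_LINE = re.compile(
    r"^INVITE\s+sips?:(?:([^@;\s]+)@)?([^;\s]+)\S*\s+SIP/2\.0$", re.I
)

def called_user(invite_text):
    """Return the user part of the INVITE Request-URI, or None if absent or malformed."""
    lines = invite_text.splitlines()
    first = lines[0].strip() if lines else ""
    m = REQUEST_LINE.match(first)
    return m.group(1) if m else None

def accept_invite(invite_text, registered_id):
    """Fail closed: accept only a call addressed to the ID we registered with."""
    user = called_user(invite_text)
    return user is not None and user == registered_id

def triage(invites, registered_id):
    """Return (called user, accepted?) for each message, in order."""
    return [(called_user(i), accept_invite(i, registered_id)) for i in invites]

# Constructed sample messages (192.0.2.0/24 is a documentation range).
REGISTERED_ID = "17771234567"
SAMPLES = [
    # Call delivered by the provider: addressed to the registered ID.
    "INVITE sip:17771234567@192.0.2.10:5060 SIP/2.0\r\nTo: <sip:17771234567@192.0.2.10>\r\n",
    # Scanner probing a guessed extension directly at the device's address.
    "INVITE sip:1001@192.0.2.10 SIP/2.0\r\nTo: <sip:1001@192.0.2.10>\r\n",
    # No user part at all.
    "INVITE sip:192.0.2.10 SIP/2.0\r\n",
    # URI parameters after the host do not change the called ID.
    "INVITE sip:17771234567@192.0.2.10;transport=udp SIP/2.0\r\n",
    # Not an INVITE request line.
    "garbage\r\n",
]

if __name__ == "__main__":
    for user, ok in triage(SAMPLES, REGISTERED_ID):
        print(f"{user!s:>12}  {'ring' if ok else 'drop'}")
```

Because the decision depends on the called ID rather than the source address, it does not need a per-IP block list that has to be kept up to date.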

Agent88:
Quote from: Mango on March 19, 2013, 06:15:21 am

Quote from: Shale on March 11, 2013, 08:57:16 am

2. Change the (Voice Services)SPx Service->X_UserAgentPort ports for each SPx  to a number not in the 506x range. This seems effective based on people's experience, but how long until the scanners broaden their scans?

I think it is unlikely the scanners will broaden their scans, though of course not impossible.

What they're trying to find is PBX systems set up with default or test settings, for example a User ID of "1001" and password of "password".  Once they find such credentials, they can route calls to high cost destinations through the compromised PBX.  Us OBi users aren't the target of their activities; we're just a side effect.  Since someone who knows enough to change their PBX's port probably also knows not to use easy passwords, I think the scanners will find themselves most successful in the 50xx range.

So, I expect your suggestion is a good one and that using a port in the range of 20000-65535 should be quite safe.


I just became a member here today, and to my surprise came upon this topic.  I have been getting these spam calls on my softphone I use with my RingCentral account.  They started last October and got worse by January.  I made numerous calls to RC tech support and spent hours upon hours with their level 3 engineers trying to stop them.  They began by downloading Wireshark on my PC, showing me how to catch the IP of the ringing offender.  Then I was told to put them in my Windows 7 firewall to block that IP.  This was an exercise like "whack-a-mole" at Chuck E. Cheese.  After entering two or three dozen IPs in my firewall even I realized I needed another approach, so I called tier 3 once more and this latest engineer had me change my LAN IP because it appeared to her that the scanner was using my softphone IP to do the dirty deed.  I had been told at one point that I should change my port configuration, but it was never done.  Now I read this forum and think that would have done the trick.

But wait, there's more:  I noticed in configuring my Cisco devices that provisioning had made some mistakes in my dial plan relating to 7-digit dialing, which I fixed with the help of Cisco t/s.  Are you saying that I might be able to add the instructions about establishing an authorization name to block the ITSP's IP to the dial plan?  How would I go about this, or is this an instruction set just for the OBI Expert configuration file?

QBZappy:
Welcome,

That method you referenced has been superseded. The mother of all solutions for scanner blocking has been developed by our friend oleg. Look him up in the search. He doesn't post often, however his contributions are significant. He is what I like to call a "deep thinker".  :)

zapattack:
http://www.obitalk.com/forum/index.php?topic=5467.0
Reply #6 from Mango
is the short answer.
