HOWTO: Thwarting SIP Scanners during Set-up
giqcass:
Using the Oleg method you can still use Ip dialing just fine as long as the oncoming sip uri includes your auth name. You can also define multiple auth names with the Oleg method which is great because you can send them to different paths as well if you like.
{} is only needed in the more complex call routes. It simplest to just put them in all the time to eliminate errors.
absteeve:
Hi. New here. It is 4:57am as I begin writing this... been up since 4am... sure you can figure out why :(
First, I'm unclear on a lot of all this but THANK YOU for the solution. I keyed in quickly that Oleg's method is preferred. I inputted that (while under attack), hit reboot... problem solved. So that's fine, except:
1) I don't understand WHY it works or WHAT it does, so I'm not all that confident that I didn't just block everyone from calling me.
2) I don't understand why my PROVIDER isn't solving this issue. I use Callcentric, which seems to me to be a large, reputable, and experienced provider. Why are they using default ports and allowing such attacks to their customers?
3) I'm also trying to figure out if the reason for these attacks suddenly hitting me is because a) I switched from voip.ms to Callcentric or b) I switched from a PAP2T to a OBi100 or c) I switched from being behind a router to being in front of it.
Some more information on #3:
- I switched to Callcentric because they could port my home # and voip.ms couldn't. I was happy at first because the call quality seemed immediately better. HOWEVER, I've been battling frequent problems of calls disconnecting @ 5 minutes and/or one-way audio (always on incoming calls).
- Due to those problems, Callcentric suggested the problem was with my PAP2T device, so I got an OBi100. The OBi was never used on voip.ms. That's why I don't know which is causing this SIP attack issue (that I never had in YEARS with voip.ms/PAP2T).
- When switching to the OBi didn't help (dropped calls/one-way audio) they suggested it was probably my router, so I plugged it directly to the modem's 2nd port (mine has 2 available ports each getting its own WAN IP). That actually appeared to resolve the problem because immediately from the very first test call after that switch for the next 48 hours... not a single dropped call or one-way audio issue. However, after that (with no changes at all), back to frequent drops and one-way audio on incoming.
And, of course, now as of 4am... annoying bloody calls from these sip scanner attacks.
So now its 5:05am... still no calls since implementing the Oleg fix. I'm going back to bed for the next 45 minutes or so before my 2yr old wakes up (sigh). Hopefully in the morning you guys will have me comforted that Oleg's method isn't blocking wanted calls and maybe, just maybe, someone can give me some tips on my other problems (though I realize that's off topic)
sdb-:
3.c.
If done correctly it should let your provider contact your OBi, thus allowing calls as normal.
Prior to 3.c. the router was blocking incoming connection attempts. Now your OBi does not have that protection and is fully exposed to the Internet. Those scans/attempts come directly to your OBi without passing thru Callcentric or your router.
You could try putting the OBi back behind the router and turning off anything SIP related in your router. Anything else you do (DMZ or portforward to the OBi) will have the same effect as bypassing the router.
absteeve:
OK, thanks. For now I'll keep it exposed. I want to eliminate variables while we (Callcentric and I) attempt to fix the call drop-outs and one-way audio issues. It seems the router isn't the problem, of course, but until its fixed I don't want to introduce it back into the mix. But at least now I know why the sudden barrage of calls this morning!
Ostracus:
Hmmm, audience. Think a little syslogging will help? ;)
Navigation
[0] Message Index
[#] Next page
[*] Previous page