HOWTO: Thwarting SIP Scanners during Set-up
Taoman:
Quote from: dconway on May 10, 2014, 07:36:56 pm
Does anyone know what value I need to subsitute for {ph}in X_InboundCallRoute to get "Oleg's Method #4" to work with PhonePower? Thanks for this great thread and for any help you can provide.
You need to enable SIP credentials or you don't have SIP, do you? Are you saying you haven't enabled SIP credentials but you are registering and making and receiving calls? How would you know your SIP password?
Here is the string for X_InboundCallRoute: {>xxxxxxxxxx:ph}
where xxxxxxxxxx is your AuthUserName which is your Auth ID which is your PhonePower supplied phone number.
dconway:
Problem is there is no ID to insert.
Luckily PhonePower responded to a support ticket I submitted and recommended following the instructions here. Hopefully that helps
http://www.phonepower.com/wiki/Obihai_Lite#Disable_Direct_IP_Dialing
TonyC:
I know this topic is old, but I just switched over to Future-Nine from GV and within 24 hours my OBI202 came under SIP attack (it is BEHIND my NetGear firewall). I even went so far as to read my NetGear log files and block individual IP addresses but still the attacks continued....every 25 minutes like clockwork. I followed the advice below and the insanity stopped immediately. I used steps 0, 2, & 4.
On step 4 I did not use (), just this >AuthUserName:ph where AuthUserName is supplied in SIP Credentials section on the same config page - just below the SP1 Service Group
PEACE & quiet AGAIN ! Thank you Mango.
Tony
Quote from: Mango on August 18, 2013, 08:13:22 am
My preference is a combination of the following:
Method 0) Disable any SP that you're not using.
Method 2) Change X_UserAgentPort on SPs configured for SIP to a number between 20000 and 65535.
This will reduce the number of SIP scans that reach your device.
Method 4) Change X_InboundCallRoute to {>('Insert your AuthUserName here'):ph}
If any scanners discover the port you're using, the device will reject the call unless it's destined for your AuthUserName.
I prefer not to filter based on Caller ID Number and Shale seems to agree with me. It would be easy to spoof a legitimate-looking number.
Method 3) is effective but my VoIP service provider changes their IPs from time to time and they have so many I can't keep up.
Look30:
Great !
Thanks TonyC and Mango.
Quote from: TonyC on May 17, 2014, 10:06:58 pm
I know this topic is old, but I just switched over to Future-Nine from GV and within 24 hours my OBI202 came under SIP attack (it is BEHIND my NetGear firewall). I even went so far as to read my NetGear log files and block individual IP addresses but still the attacks continued....every 25 minutes like clockwork. I followed the advice below and the insanity stopped immediately. I used steps 0, 2, & 4.
On step 4 I did not use (), just this >AuthUserName:ph where AuthUserName is supplied in SIP Credentials section on the same config page - just below the SP1 Service Group
PEACE & quiet AGAIN ! Thank you Mango.
Tony
Quote from: Mango on August 18, 2013, 08:13:22 am
My preference is a combination of the following:
Method 0) Disable any SP that you're not using.
Method 2) Change X_UserAgentPort on SPs configured for SIP to a number between 20000 and 65535.
This will reduce the number of SIP scans that reach your device.
Method 4) Change X_InboundCallRoute to {>('Insert your AuthUserName here'):ph}
If any scanners discover the port you're using, the device will reject the call unless it's destined for your AuthUserName.
I prefer not to filter based on Caller ID Number and Shale seems to agree with me. It would be easy to spoof a legitimate-looking number.
Method 3) is effective but my VoIP service provider changes their IPs from time to time and they have so many I can't keep up.
SSmith:
Quote
On step 4 I did not use (), just this >AuthUserName:ph where AuthUserName is supplied in SIP Credentials section on the same config page - just below the SP1 Service Group
FWIW, my AuthUserName is alpha-numeric and calls would be rejected unless I used the
>('AuthUserName'):ph
syntax.
It makes sense from the Admin guide that an all-numeric AuthUserName would not require the parentheses and hyphens but an alpha-numeric one would. Presumably, the hyphens would not be necessary if the AuthUserName did not include any reserved characters but mine does.
Navigation
[0] Message Index
[#] Next page
[*] Previous page