I am getting calls in the middle of the night that are not coming from my VoIP prodiver. They have to be coming through the Obitalk network. They usually don't have caller ID info, but the one today showed 101 as the caller ID. How do I disable Obitalk on the Obi110?
Those calls are not coming from the OBiTALK Service. They are coming from SIP scanners.
The only effective way to block them is to use:
Service Providers -> ITSP Profile x -> SIP -> X_AccessList
where x is A and/or B if configured for SIP.
Place the IP address(es) of authorized SIP connections in this list, separated by commas.
Thank you. I find it unlikely that SIP scanners are comming through my firewall. I never had this problem before with other ATA devices. I figured out how to disable auto provisioning and the Obitalk service, so I will try that first. If that does not work, I will try your suggestion.
With the OBiTALK Service disabled, you can't make or receive calls to other OBi's or OBiON Apps.
If you look in the OBi Call History, you will clearly see they are coming in on SP1 and/or SP2, not OBiTALK.
You can also enable Syslog and you'll find most of them are coming from Russian IP addresses.
RonR is correct! What is so special about your firewall? If individuals can defeat the Pentagon or other Corporate Firewalls, why do you think your lowly firewall can stop individuals with very high technical know how from bypassing your firewall and/or make outgoing calls from your OBi ATA? If you do a quick search on this forum, you will see multiple post related to this issue and ways to prevent it.
Quote from: txcas on February 16, 2012, 12:27:10 PM
Thank you. I find it unlikely that SIP scanners are comming through my firewall. I never had this problem before with other ATA devices. I figured out how to disable auto provisioning and the Obitalk service, so I will try that first. If that does not work, I will try your suggestion.
Quote from: RonR on February 16, 2012, 12:33:35 PM
With the OBiTALK Service disabled, you can't make or receive calls to other OBi's or OBiON Apps.
If you look in the OBi Call History, you will clearly see they are coming in on SP1 and/or SP2, not OBiTALK.
You can also enable Syslog and you'll find most of them are coming from Russian IP addresses.
I know, I don't make OBI's calls or use Obion Apps. I have 2 lines setup with Voip.ms and that is all I need my Obi to do. I will let you know how it goes.
Quote from: txcas on February 16, 2012, 01:42:11 PM
I will let you know how it goes.
You will be awakened in the middle of the night again.
Quote from: RonR on February 16, 2012, 01:49:38 PM
Quote from: txcas on February 16, 2012, 01:42:11 PM
I will let you know how it goes.
You will be awakened in the middle of the night again.
I am sorry to disappoint you, but problem fixed since disabling Obitalk. You were right, the calls are not internal Obitalk calls, but the SIP scanners are riding on the ports used by Obitalk. That is why the other Linksys ATAs I have been using for years on the same network do not experience this problem.
Quote from: txcas on February 23, 2012, 08:58:27 AM
I am sorry to disappoint you, but problem fixed since disabling Obitalk. You were right, the calls are not internal Obitalk calls, but the SIP scanners are riding on the ports used by Obitalk. That is why the other Linksys ATAs I have been using for years on the same network do not experience this problem.
If that were the case, allowing only legitimate IP addresses in on ITSPA/ITSPB would not be effective, but it is totally effective.
Syslog captures of the SIP scanners also reveal they're coming in on port 5060 and not via the OBiTALK Service (port 10000).
The main reason the OBi is vulunerable to these scans is it accepts INVITES addressed to *any* SIP userid.
Question for RonR. Would the IP Addresses you mention be the address(es) of the Proxy?
Quote from: ProfTech on February 29, 2012, 02:42:43 PM
Question for RonR. Would the IP Addresses you mention be the address(es) of the Proxy?
Yes. You also have to list any IP addresses that send you calls via SIP URI.