It's a beautiful thing to see 22 rejected calls, all between 5 - 6 am :)
BTW, the log is from my firewall/router packet capture.
(https://lh6.googleusercontent.com/-EN16j3H8l6Q/UFkOLlkyz3I/AAAAAAAABLA/7KaSe8_Se6o/s800/Screenshot%2520from%25202012-09-18%252020%253A03%253A25.png)
Nice!
Can you elaborate on what I am seeing here? Someone tried to hack into your OBi?
The "From" column contains the caller (from GEO data looks like someone from Spain?) and "To" column contains the number they're trying to call. Notice that all numbers are international.
What kind of firewall do you use?
How was this blocked?
Why/how was your OBi targeted to begin with? Does it have external IP?
My firewall/router is ZyXEL USG50. There is nothing special about my setup - OBi unfortunately accepts invites for all numbers not just your own.
Ideally, OBi would accept calls for my own number only or (through config) from registered server.
Does your OBi have external IP address? I just wonder how you were singled out for this attack.
What kind of rule you have in your router to reject these and allow valid calls?
No, no external address for OBi. It is behind NAT. I don't think I was singled out - most likely your ATA is probed as well... I have my firewall packet capture on (temporarily) and OBi is configured to reject all callers I don't like (inbound route rule)
I am new to this. Are you saying that if you didn't reject these attempts in firewall scammer would be able to complete these calls and you would be charged?
I suppose it is possible, although in my case they were not successful. The worst thing was that my phone rang in the middle of night. See my other thread:
http://www.obitalk.com/forum/index.php?topic=4142.0
I read the thread you linked to.
So if Callcentric uses 500 IP-s - what kind of rule do you have in your router to filter this out?
I could not use access list so I used inbound call route instead.
What do you have specified in inbound call route?
lacibaci
OBi inboundcall call route shows rejected in the ZyXEL router log?
Quote from: QBZappy on September 19, 2012, 04:54:51 PM
lacibaci
OBi inboundcall call route shows rejected in the ZyXEL router log?
I guess lacibaci specified something in OBi inbound call route that causes call to drop and network connection gets rejected in the router.
He does indeed! See:
http://www.obitalk.com/forum/index.php?topic=4067.msg27103#msg27103
Quote from: QBZappy on September 19, 2012, 04:54:51 PM
lacibaci
OBi inboundcall call route shows rejected in the ZyXEL router log?
Sorry, I missed your message. Yes, if OBi rejects the call (using black hole {xxx,}), you can see it in firewall's packet capture. It just happens that my firewall (ZyWALL USG) logs packets in a format that can be read with Wireshark which has a very nice tool to look at SIP and VOIP.