Calls from *9399

Started by CityOracle, September 14, 2018, 07:45:12 PM

Sheffield_Steve

#20
It sounds to me that the router is not configured correctly and is letting traffic in and out.

First thing I would do is run a simple penetration test.  Gibson Research has a good one on their site at:

https://www.grc.com

I can't link directly to the page needed as it's generated dynamically.  

Click on the "Services" menu and then "Shields UP" and then click on "Common ports" BELOW the big Orange button.

If that passes OK then enter:  5060-5061 in the Custom port box and press "enter"



CityOracle

Steve,

Very much appreciate the tips.
Not knowing much on this topic, this is an education for me.

The test failed on the router for "Solicited TCP Packets:"  on port 22 (SSH) and 80 (HTTP)

Any suggestion how I can secure them?

The test on 5060-5061 showed "Closed" status (I guess they are good).

So the security breach seems to be my router on port 22 and 80.
Please help me fix them.

Many thanks!
-David

Sheffield_Steve

What do you get when you select the "All service ports" test?

CityOracle

Running "All service ports" got:

Red (Open): 22 (SSH), 53 (Domain), and 80 (HTTP)
Green (Stealth):  0, 23, 25, 135-139
The rest are all blue (Closed).

Thanks.

Sheffield_Steve

#24
That doesn't explain why you were getting the SIP calls then.

Are you hosting a web server on the internet?  

Are you using a VPN?

All cable providers have a way to access their modem but typically don't do it via an insecure web server.

To get to the bottom of this without detailed information on your setup and needs is going to be almost impossible though.

Taoman

Quote from: Sheffield_Steve on September 18, 2018, 11:05:32 AM
That doesn't explain why you were getting the SIP calls then.


OP was not getting "SIP calls." He was getting calls via the OBiTALK network. This is why it was recommended to change the InboundCallRoute for the OBiTALK service to null.

If these were SIP scanners, checking the box for X_AcceptSipFromRegistrarOnly would have worked.

Here's drgeoff briefly mentioning the difference between the two:
http://www.obitalk.com/forum/index.php?topic=11407.msg75134#msg75134

CityOracle

Steve, Taoman,

Thank you both for chiming in.

No VPN, no website.
I just have a simple Cable modem-->router-->Obi202  set up for making phone calls.

I double checked.  X_AcceptSipFromRegistrarOnly is checked (not using ObiTalk or Device settings)

Please advise if there is anything I should do to prevent malicious scanners.

This Obi202 device is great and loaded, but requires a lot of in-depth tech knowledge to manage.

Appreciate both of you for the help!
-David

Sheffield_Steve

As I said it's going to be difficult to get to the bottom of your security issues on here.

A good start would be to check all the cabling and then reset the router to default. But I would hate to tell you to do that as it may break something that I don't know about.  Your best bet would be to find the forum for your router.

But the end game of the security scan is to get a response of Stealth from all ports scanned. Here's mine:


dboling

Quote from: CityOracle on September 18, 2018, 10:36:23 AM
Running "All service ports" got:

Red (Open): 22 (SSH), 53 (Domain), and 80 (HTTP)
Green (Stealth):  0, 23, 25, 135-139
The rest are all blue (Closed).

Thanks.

I just ran the test on my server and it failed as I expected since it does serve web, email, DNS, etc.

After analyzing the mine sweeper graph of my test the colors mean:
RED: port exposed to the world.
Green: firewall blocking port from the world.
Blue: firewall not blocking the port, but no services on router needing to be blocked.

Bottom line, you need to block the world from port 22 and port 80 which are your router administration ports.
Port 53 is not an issue as it's used for DNS lookups.

On the surface the Internet is a cool place with sites like Amazon and eBay, but in reality there are MASS amounts of evil on the internet with people and even entire countries scanning internet IP addresses for open ports to exploit.

As Sheffield_Steve suggested, locate a forum that deals with your model of router; if a manual was included, read it.

If you haven't already done so, change the default password of the router and make sure the firmware is up to date.

-Diane

Sheffield_Steve

The colors for the ports are as follows:

Red   - Open for input. (Bad - unless you have opened it for some reason)
Blue   - Closed but the scanner can tell there is a port there. (Good)
Green - Closed and the scanner does not detect the presence of a port. (Best)