Weird Incoming Call on Outgoing-only SP2 Line

[eid3tic]

Forgive me if this issue is already addressed on this forum. I've looked and cannot find anything relating to my current problem.

Background info:
I have an Obi100 with SP1 (Google Voice) set up for all primary outgoing/incoming calls. I have SP2 (EasyVoip.com) set up as a secondary outgoing line that I use for international calls. For the last 24 hours, I have been receiving these weird calls* from a number listed as "1213" on my caller ID. I checked my Google Voice call history and couldn't find this number. I thought it might be somehow coming through the Obi device itself, so I dug into my Obi's IP address and looked at the call history there. This Obi page indicates that the "1213" call is coming from SP2 (EasyVoip). I tried drilling into my EasyVoip account but cannot find anything related to these phantom calls, which makes sense because I have that EasyVoip account set up as outgoing only and outgoing calls from that service still show up as coming from my Google Voice number. I'm not sure what else to look into at this point to resolve the problem.

*The asterisk above regarding "weird calls" is because calls from this strange "1213" number do not ring my home phone like how a regular call does. For example, if I call my home phone from my cell phone, I get a regular ring. These calls from the "1213" number ring my phone in a different ring tone, which, coincidentally or not, is the same ring tone as the Uniden "Find my phone" ring tone (i.e., when you cannot find your phone, you push the button on your base, and it rings the phones).

I would really appreciate any help on this issue. Thanks.

[drgeoff]

Sounds like a 'sip scanner',  the VoIP version of those people who try to hack into your home network. There are many posts here about defences. Search for 'Oleg method' to find perhaps the best thread.

[eid3tic]

Thanks, drgeoff. I spent about three hours last night researching the issue and came to the same security hole conclusion. I made quite a few changes to my default settings, and I think I know of the change that you are referring to. Can you please confirm that after these changes, I should be good to go now?

http://www.toao.net/500-mangos-guide-to-configuring-an-obi-ata
Voice Services >> SPx Service:
--X_InboundCallRoute: {>Insert your AuthUserName here:ph}

System Management >> Auto Provisioning:
--Auto Firmware Update >> Method: Disabled
--ITSP Provisioning >> Method: Disabled
--OBiTalk Provisioning >> Method: Disabled

Voice Services >> OBiTALK Service:
--Enable: (Unchecked)

Physical Interfaces >> PHONE Port:
--DigitMap: (add !**5S0| as the first sequence of the DigitMap)

System Management >> Device Admin:
--Web Server >> AdminPassword: (pick a strong password)
--Web Server >> UserPassword: (pick a strong password)


If you think I should make any other changes, please let me know.

Also, I received about 4 or 5 total calls from that "number". Is it possible that my network is already compromised? I'm a little worried that someone may have managed to get onto my network and that changing the Obihai settings will not fix that problem.

[drgeoff]

http://www.obitalk.com/forum/index.php?topic=5467.0

Only the first of the settings you changed is relevant to SIP scanning. Of the others except the passwords you are being paranoid.

SIP scanners are looking for ways to make calls at your expense by coming in (at no cost to them) via SIP and bridging to go out via one of your providers. They cannot make changes to your OBi's configuration or the configuration of, or the files on,  any other device or computer on your network by coming in that way. Nothing on your network has been compromised by those calls.

[eid3tic]

Okay, perfect. I haven't had any strange calls since I implemented those changes. Thanks for the help!