Good afternoon!
Thank you very much for the answers! The second post is very interesting
I've been analyzing traffic on the local network and have not found anything suspicious, neither PCs nor the OBI 110.
Then I have done a port scan to the OBI 110 and I have seen that has open UDP port 10000 is identified as SIP:
PORT STATE SERVICE VERSION
10000 / udp open SIP (SIP end point; Status: 100 Trying)
The potential problem is that it seems to open the port on the router itself using uPNP. The strangest thing in my case is that in the router this port is not listed as redirected to OBI, but if I do a port scan from outside, it is listed as open.
After this, I would say that the attack came from outside and directly to the OBI 110. I would like to know how you can place the call directly connecting to de OBI at port 10000 and redirect the call to the LINE port. Could anyone show me the way? I would like to test this behavior to see if my tehory is correct.
If the attack was using port 10000 / UDP, how can I block the possibility of making the call? I need to know because maybe the next attack comes from the LAN...
Does anyone have any SIP client or something to run tests calls on these devices and ports?
Greetings and thanks again!!