13 Digit calls - SIP calls? Can I block?

Started by newinvestor23, January 09, 2018, 12:16:42 PM

newinvestor23

Hey,
I have an OBi 200 that has worked great for years. I blocked the SIP calls with 3 digits a long time ago and haven't had to change anything for a while. In the last few days I've had 2 weird numbers; are these SIP?
9-051-001-1122 and 2-151-001-1122
I don't think they are real numbers or people. I answered one and it hung up straight away, back to dial tone.
Can I block them?
Thanks

drgeoff

#1
Those are 11 digit numbers, not 13.

To block anything with more than 11 digits, insert

{(xxxxxxxxxxxx.): ()},

at the front of the X_InboundCallRoute of the relevant SP(s).  There are 12 'x's followed by a period.

If you want to block anything with more than 10 digits, omit one 'x'.

If you want to block anything with more than 10 digits unless it has a leading '1', use

{([2-9]xxxxxxxxxx.): ()},

The board converts a colon followed by an opening parenthesis into an emoticon.  I've inserted a space which you can remove.

Mango

Instead of blocking these with your dial plan, you should block them with your firewall so that the attack traffic never reaches your VoIP equipment.  To get around a dial plan block, all an attacker will need to do is use a valid Caller ID.

If you have port forwarding or DMZ in place, remove it. Port forwarding and DMZ disable your firewall and are a security risk. If your router has an option like "high security" or "strict UDP session control", enable it. If none of these solve the problem, your router is insecure. You can work around the problem by changing your OBi's X_UserAgentPort to a random number between 20000 and 65535, for example, 36941. This won't make you invulnerable, but it will take longer for the attackers to find you. A better solution would be to buy a new (more secure) router.

newinvestor23

#3
Sorry, not sure why I put 13. So it is an attack of sorts? Like a SIP? (What are they trying to accomplish exactly?) I have a random port, but I can change it. My router was weird about not opening ports, but I will try it again.

Mango, I have to port forward, or I will not be able to hear the other caller, or there are other issues I remember. I have Bell's Home Hub 3000 router.
Can I add a few, comma separated, to this X_UserAgentPorts so it will pick a random port each time?

Thanks for info

drgeoff

There are two ways these strange calls can come in:

1. Via your Service Provider(s). The caller spoofs the Caller ID. If your provider has a web page which lists your incoming calls, have a look there. If those calls are on the list then blocking calls (as in my earlier reply) that have "wrong" numbers is the only way to stop them ringing your phone.

2. Direct to your OBi, i.e. not through any of your Service Providers. There is an additional setting in 200 series firmware, 'X_AcceptSipFromRegistrarOnly'. You will find that under 'Voice Services', SPx Service (x=1 to 4). Enable that for all the SPs that are active on your OBi.

Mango

Quote from: newinvestor23 on January 15, 2018, 07:44:31 AM
Mango, I have to port forward, or I will not be able to hear the other caller

I would be extremely surprised if forwarding your X_UserAgentPort solved a one-way audio problem.

Quote from: newinvestor23 on January 15, 2018, 07:44:31 AM
Can I add a few with comma separated to this X_UserAgentPorts so it will pick random port each time?

No.

newinvestor23

I use freephoneline.ca, so I don't think there is any way to check with the provider; I don't see any way in my account on their website. They do show up under Status -> Call History.

I will try port forwarding as well as changing the X_UserAgentPort and enabling X_AcceptSipFromRegistrarOnly.
If it keeps happening, I will block the 11 digit callers and hope they don't try regular numbers. I do not get calls from outside of North America anyway.

Thanks to both of you,

cheers