Mysterious Incoming Calls

Started by r00tkanal, March 15, 2012, 11:42:02 AM

Previous topic - Next topic

r00tkanal

Hi everyone,

I recently setup an obi110 for use with the voip.ms service. Everything has been working fairly well, with one exception. My problem is that I will randomly get a call from what the obi110, and my phone, reports as 555-0000 (no area code reported). As soon as I answer, the call is terminated. The last occurrence of this was today, with 2 calls of this type, within 1 minute of each other.

I have checked the call history on the obi110, and it shows the calls as originating from SP1, with each call being connected for about 8 seconds. However, my call report on voip.ms shows no record of these calls.

I contacted voip.ms support, and since they show no record of the calls, they can't assist in identifying their origin. They did, however; point to their wiki (http://wiki.voip.ms/article/FAQ#Why_am_I_receiving_calls_from_an_.22Asterisk.22_caller_ID.3F), where it talks about receiving calls with an asterisk as the CID. The article goes on to explain that there are cases of spam SIP 'robots', and if port forwarding is enabled, this may be the problem. In my case port forwarding of port 5060 is enabled (as a recommendation for better performance). I'll be removing this port forwarding rule.

My setup is simple. I have 1 SIP account with voip.ms, which is setup on SP1 on my obi. I have no other landline or voip service on the device. The obi is plugged into a tomato router, which is then connected to cable internet, with bandwidth to spare.

Do you have any ideas where this mysterious call may be originating from, and more importantly, how to stop it?

Thanks for any info.

- Jeff

QBZappy

r00tkanal,

Try using an port other than 5060. 5060 is the common port for voip. It may be enough.

Just curious, I would ask the OBi folks if they have any calls originating from the OBi network to your OBi box. They must have call detail records of their own system. I'm not too certain they would like to cooperate publicly because if the answer is as I suspect, they may not like it to be generally known that sip robots are using the OBi network.

Spock:
If you eliminate the impossible, whatever remains, however improbable, must be the truth.
Owner of the 1st OBi110/100 units in service in Canada & South America. 1st OBi202 on my street. 1st OBi1032 in Montreal.

RonR

It's likely SIP scanners probing your OBi.

You don't need to remove your port forwarding.  Simpy set:

Voice Services -> ITSP Profile A -> SIP -> X_AccessList : voip.ms_ip_address

Then, only Voip.ms will be permitted in.  If you need to allow others, such as SIP URI callers or incoming DID's, simply add their IP addresses to the list (separated by commas).

r00tkanal

Thanks for your quick replies!

@RonR I have followed your steps on limting access on to the obi.

Additionally, I modified my port forwarding rule on my router, to only allow the voip.ms IP address to connect to the OBI. A little redundancy never hurt...

Thanks again all!

- Jeff

pgde

Quote from: RonR on March 15, 2012, 12:00:35 PM
It's likely SIP scanners probing your OBi.

You don't need to remove your port forwarding.  Simpy set:

Voice Services -> ITSP Profile A -> SIP -> X_AccessList : voip.ms_ip_address

Then, only Voip.ms will be permitted in.  If you need to allow others, such as SIP URI callers or incoming DID's, simply add their IP addresses to the list (separated by commas).


Newbie here -- could this work for Anveo -- i.e. substitute anveo_ip_address for voip.ms_ip_address? Or is this the actual IP address of my OBI100? If the actual address, where do I find that?

Thx

P.

RonR

Quote from: pgde on March 19, 2012, 09:32:27 PM
Newbie here -- could this work for Anveo -- i.e. substitute anveo_ip_address for voip.ms_ip_address?

Yes.

pgde

Quote from: RonR on March 19, 2012, 10:26:00 PM
Quote from: pgde on March 19, 2012, 09:32:27 PM
Newbie here -- could this work for Anveo -- i.e. substitute anveo_ip_address for voip.ms_ip_address?

Yes.


Thanks, I'll try it.

Peter

MB..

Quote from: RonR on March 15, 2012, 12:00:35 PM
It's likely SIP scanners probing your OBi.

You don't need to remove your port forwarding.  Simpy set:

Voice Services -> ITSP Profile A -> SIP -> X_AccessList : voip.ms_ip_address

Then, only Voip.ms will be permitted in.  If you need to allow others, such as SIP URI callers or incoming DID's, simply add their IP addresses to the list (separated by commas).


One thing to watch out here: if a voip.ms server goes down, they will reroute calls via a different server. So you should probably add a comma-separated list of all the voip.ms server IP addresses for greatest reliability.

The SPA2102 has an option to only allow calls from the server you a registered to. I don't know if there's an equivalent on the Obi. 

Not being on port 5060 if you don't have a published sip URI is definitely a good idea. You can get an idea of the number of probes on this port by looking at the SANS Internet Storm Center here: http://isc.sans.edu/port.html?port=5060