Unknown peer inbound on SP1 in middle of night w/o a trace - help!

[ChrisF]

My setup is an Obi110 connected to the web and Voip.ms setup as SP1, with a regular handset connected to the Obi.

Twice in the past two weeks, I've received an unknown peer name/number call at around 4:30am (both times). The phone would ring, I'd answer, hear a blip like a long distance call getting connected in the 1990s, but no one / thing on the other end. If I'd hang up right away, the phone would immediately ring again. Only by keeping the call engaged for 30s+ and then hanging up would it end.

Obi shows the following log:
Call 1   07/10/2012 04:31:34   
Terminal ID   SP1 PHONE1
Peer Name unknown   
Peer Number unknown   
Direction Inbound Inbound
04:31:34 Ringing   
04:32:17 Call Connected
04:32:59 End Call
   
Call 2   07/10/2012 04:31:07   
Terminal ID   SP1   PHONE1
Peer Name unknown   
Peer Number unknown   
Direction Inbound Inbound
04:31:07 Ringing   
04:31:33 Call Connected
04:32:15 End Call   

Call 3   07/10/2012 04:30:51   
Terminal ID   SP1   PHONE1
Peer Name unknown   
Peer Number unknown   
Direction Inbound Inbound
04:30:51 Ringing   
04:31:07 Call Connected
04:31:25 End Call

Call 4   07/10/2012 04:30:50
Terminal ID   SP1   PHONE1
Peer Name unknown   
Peer Number unknown   
Direction Inbound Inbound
04:30:50 Ringing   
04:30:50 End Call

Strangely, Voip.ms call logs do not show any calls occurring at that time.

Has anyone experience something like this? I thought of doing a time restriction on Voip.ms, but that does no good if it's an Obi110 glitch. I'd appreciate any help.

[QBZappy]

ChrisF,

Welcome

Others have reported similar events. More than likely something scanning the internet for open voip ports. Find the ip address of the voipms server, then put that ip in this section. It should end:

ITSP Profile A/B->SIP->X_AccessList

[ChrisF]

Thanks for the reply. I did manage to find another topic on the matter as well. I didn't know the cause so I didn't realize my issue had overlap with others.

I'll try your voip.ms IP suggestion and the inbound call route blocking I've seen and hopefully no more awful wakeup calls.

[Hortoristic]

What might the IP be for Google Voice for ITSP Profile A/B->SIP->X_AccessList?

ChrisF,

Welcome

Others have reported similar events. More than likely something scanning the internet for open voip ports. Find the ip address of the voipms server, then put that ip in this section. It should end:

ITSP Profile A/B->SIP->X_AccessList

[QBZappy]

Hortoristic,

Google voice ip range:
74.125.0.0 - 74.125.255.255
http://www.whois.net/ip-address-lookup/74.125.131.125

From my location in Montreal I specifically obtain this ip (as per my router firewall): 74.125.131.125
Also ping this address in the DOS prompt and see what it returns to you: voice.Google.com

[Hortoristic]

I'm confusing myself now - I thought the SIP scanner problem was only for non-GV folks, as GV isn't working via SIP?

However; since I forward all my GV calls to the free NY CallCentric number, to get free caller name lookup, and CallCentric is SIP - I think I just need to put the Callcentric IP in the x_accessList paramter?

And lastly; since I use a free DID number in UK, so my wife's family can call for free; I need also to put that appropriate IP in that SP4 x_accessList parameter.

Is that all I really need to do to get rid of the port scanners?  No pattern matching, no port changes - just add the right IP to the x_accessList parameter for each SIP account (not GV, as it's not SIP), RIGHT?

Hortoristic,

Google voice ip range:
74.125.0.0 - 74.125.255.255
http://www.whois.net/ip-address-lookup/74.125.131.125

From my location in Montreal I specifically obtain this ip (as per my router firewall): 74.125.131.125
Also ping this address in the DOS prompt and see what it returns to you: voice.Google.com

[QBZappy]

However; since I forward all my GV calls to the free NY CallCentric number, to get free caller name lookup, and CallCentric is SIP - I think I just need to put the Callcentric IP in the x_accessList paramter?

Good luck with that. When you look up the CC server ip list you will see that you could not possibly include them all in the OBi 'x_accessList paramter'.

Is that all I really need to do to get rid of the port scanners?  No pattern matching, no port changes - just add the right IP to the x_accessList parameter for each SIP account (not GV, as it's not SIP), RIGHT?

Yes that should work. However this technique is futile when you have too many ips to list. It becomes impractical or not possible.

It occurs to me that you may not have realized that it is not the callers ip that needs to be put on the list. It is the server which the OBi is registered to.

If you have a limited set of callers, you can use a strategy as suggested by forum member oleg, to set them in an inbound call route directly. Send every other unauthorized call on that trunk to the call bin. This can work in specific use cases.