SIP scanners

Started by lacibaci, September 06, 2012, 05:50:04 AM


Mango

Yes, there were some reports some time ago that Obihai was implementing some of the methods suggested by users in this thread.  :)

carl

Since there are a few people who still do report the same problems, I wonder whether Obi 202 is now less susceptible than obi100 or 110 and/or whether those having problems did all the firmware upgrades.

Mango

It's entirely possible.  Anyone with an OBi202 connected directly to a modem (no double-NAT) want to test the type of NAT that its router employs?

http://www.dslreports.com/forum/remark,22292023

ddgiant

I know it has been a while since anyone posted in here but I have just received what I think is more SIP scanners.

From my call history they are showing "from 'abc' sp1(abc)" and "from 'us' sp1(us)"

My question is if I tweak my string as shown below, should that block these?

{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|us@@|abc@@):},{ph,ph2}

Thanks for all of your time and advice.

ianobi

ddgiant – welcome to the forum.

You are on the right lines, but the format is a bit more tricky. For example "abc" followed by something or nothing would be "abc@."  The dot is important!

The following string should work:

{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|u's'@.|abc@.):},{ph,ph2}

A further complication is that the "s" is a reserved character, so it needs to be enclosed by single apostrophes.

There are other ways to defeat scanners as detailed here:

http://www.obitalk.com/forum/index.php?topic=5467.msg35387#msg35387

The "Oleg Method" is highly recommended.


giqcass

I'm a big supporter of the "Oleg Method" myself.  It ended all SIP scanner activity from ringing my phone.  Using the "Oleg Method" the SIP scanner would need your IP address, port number, and user name to ring your phone.
Long live our new ObiLords!

ddgiant

Thanks for both of your quick replies.  The last time I had to deal with this was before the Oleg method.

I just want to make sure I am re-setting this correctly due to a lot of talk in these forums that I do not deal with regularly so it is a little confusing to me.

I have 2 SP services (Callcentric for E911 and GV for everything else)

SP1 I will change my X_InboundCallRoute from {(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|u's'@.|abc@.):},{ph,ph2} to {>17771234567:ph1,ph2} (I just changing back to default will not set this)
SP2 I will change my X_InboundCallRoute from {(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|u's'@.|abc@.):},{ph,ph2} to {>gmailaddres@gmail.com} is this correct?

If the Google voice one is not correct then is there an easy fix, or being I know Google is dropping the protocol I am using, maybe it is time to do my change over to 100% callcentric.

azrobert

GoogleVoice doesn't use the SIP protocol, so you don't need to block SIP scanners on the GV trunk.

ianobi

For Callcentric on sp1 this {>17771234567:ph1,ph2} should work fine.

As azrobert says, you should not need to worry about GV on sp2. You can see from your Call History that the scanner calls are coming in on sp1.

Personally, I like to use the Oleg Method and change the UserAgentPorts away from 5060, 5061 etc as these are the ones most often targeted by scanners. Some may say it's overkill, but I like a "belt and braces" approach to this problem   :)

gderf

On my Obi200 the "Oleg Method" is applied automatically when configured via OBiTALK. There is no need to do this manually.
Help me OBiHai PhoneOBi. You're my only hope.

jazzy

I use Obi100 and receive incoming calls from an IPKALL number, registered
with Getonsip.  Receiving calls just fine, but now I want to add method #4
to thwart sip scanners.

I thought I understood what string to place in my inbound call routing.

So I did this:

X_InboundCallRoute:   {>('my_auth_user_name'):ph}

the authusername I'm using comes right from my SIP credentials
from the SIP Credentials page on the Obi
and yes, authusername are alpha/numeric

Can this method work with my Getonsip account with the IPKall # ?

currently calls do not ring my Obi with this string in the Inboundcallroute.
Suggestions?

gderf

I have

{>123456789:ph}

Where 123456789 is my_auth_user_name
Help me OBiHai PhoneOBi. You're my only hope.

jazzy

My authusername is alphanumeric.

when I place this in the X inbound call route
{>('myauthusername28'):ph}   the attached phone does not ring.

I'm getting myauthusername28 right from SP2 SIP credentials
authusername. Sp2 is using Getonsip (from an IPKALL # )

Does method #4 not work with authusernames from Getonsip?




gderf

Why don't you try it without the parentheses and single quotes?
Help me OBiHai PhoneOBi. You're my only hope.

drgeoff

Quote from: jazzy on February 03, 2014, 03:24:56 PM
My authusername is alphanumeric.

when I place this in the X inbound call route
{>('myauthusername28'):ph}   the attached phone does not ring.

I'm getting myauthusername28 right from SP2 SIP credentials
authusername. Sp2 is using Getonsip (from an IPKALL # )

Does method #4 not work with authusernames from Getonsip?




Your format is correct so the next suspect is that the username you expect is not coming in.  Have a look at your call history to see what is shown against an incoming call.  Or perhaps call status during an incoming call can throw some light.  Revert your InboundCallRoute to ph for those test calls.

jazzy

Quote from: gderf on February 03, 2014, 04:00:18 PM
Why don't you try it without the parentheses and single quotes?


no difference, attached phone still does not ring.

jazzy

Quote from: drgeoff on February 03, 2014, 04:11:06 PM
Quote from: jazzy on February 03, 2014, 03:24:56 PM
My authusername is alphanumeric.

when I place this in the X inbound call route
{>('myauthusername28'):ph}   the attached phone does not ring.

I'm getting myauthusername28 right from SP2 SIP credentials
authusername. Sp2 is using Getonsip (from an IPKALL # )

Does method #4 not work with authusernames from Getonsip?




Your format is correct so the next suspect is that the username you expect is not coming in.  Have a look at your call history to see what is shown against an incoming call.  Or perhaps call status during an incoming call can throw some light.  Revert your InboundCallRoute to ph for those test calls.

Call history in the Obi?  When calling in via my cell, the Obi call history shows my CID of the cell phone. No user name.  what username might I be looking for?

Maybe this will help. I do not have my GV# ring the Obi.
My GV# forwards to an IPKALL #
The Obi picks up that IPKall number on SP2 using Getonsip credentials.
I currently call out on SP1 ( GV ) at least until May 2014

Testing incoming options for when GV no longer supports XMPP, but want to be sure to
thwart the SIP scanners.

drgeoff

Yes, on reflection I think the Call History only shows "high level" stuff and not far enough down into the nitty-gritty.  I'm not even sure if Call Status will have what we are looking for.

Syslog will show the low-level detail but that is a bit more work to set up the server on a PC and then configure the Obi to use it.  Also, the log will have many other messages as well as those for an incoming SIP invite.

It is way past my bed-time!  I'll be off-line now until morning, UK time.

azrobert

Here is a trick you can do to determine the username.
Temporarily add {sp1($2)} to the beginning of your SP2 X_InboundCallRoute, then call your SP2 phone number.
$2 is a variable that contains the username of SP2.
The above rule will attempt to bridge the inbound call out SP1 using the username as the outbound phone number.
This call will obviously fail, but the call history will show the username as the outbound number.

jazzy

@azrobert  you da man! 

Make the trick described above happen and of course the call failed, but
I did see  a 'peer number' show up.  It was my alpha numeric user ID, not exactly as the one
in the SIP credentials of SP2 ( it was missing the 'getonsip_' )

Replaced {ph} with {>'my_user_id':ph} and the attached phone now rings!  :D

BTW I originally replaced {ph} with {>('my_user_id'):ph} but phone did not ring.

So if anyone else uses Getonsip, just delete the 'getonsip_' and put in the rest of your user id.
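
Added example (not part of the thread, and not Obihai's code): a simplified Python model of the two X_InboundCallRoute styles discussed above, the caller-ID block list and the "Oleg Method" callee match, showing why the first lets a new scanner name through and why the 'getonsip_' prefix stopped the phone ringing. The function names, the subset of digit-map syntax handled, the sample INVITE line, and the assumption that the callee is the user part of the INVITE Request-URI are all illustrative.

```python
import re

def pattern_to_regex(pat):
    """Translate one '|' alternative of the digit-map subset used in this thread."""
    if pat == "?":                            # '?' = anonymous / empty caller ID
        return ""
    out, i = "", 0
    while i < len(pat):
        c = pat[i]
        if c == "'":                          # 'literal' protects reserved letters such as s
            j = pat.index("'", i + 1)
            atom, i = re.escape(pat[i + 1:j]), j + 1
        else:                                 # x = one digit, @ = one alphanumeric
            atom = {"x": r"\d", "@": r"[A-Za-z0-9]"}.get(c, re.escape(c))
            i += 1
        if i < len(pat) and pat[i] == ".":    # '.' = zero or more of the previous element
            atom, i = f"(?:{atom})*", i + 1
        out += atom
    return out

def side_matches(spec, value):
    """An empty spec matches anything; otherwise one alternative must match fully."""
    if spec == "":
        return True
    alts = spec.strip("()").split("|")
    return any(re.fullmatch(pattern_to_regex(a), value) for a in alts)

def route_inbound(route, caller, callee):
    """Return the terminals of the first matching {caller>callee:terminals} rule."""
    for rule in re.findall(r"\{([^}]*)\}", route):
        match_part, _, terminals = rule.rpartition(":")
        caller_spec, _, callee_spec = match_part.partition(">")
        if side_matches(caller_spec, caller) and side_matches(callee_spec, callee):
            return [t for t in terminals.split(",") if t]   # [] = call dropped
    return []                                 # no rule matched: call dropped

def callee_from_invite(request_line):
    """User part of the Request-URI (assumed to be what the callee side is matched on)."""
    m = re.match(r"INVITE sips?:(?:([^@\s]+)@)?", request_line)
    return (m.group(1) or "") if m else ""

# Routes quoted in the thread; the INVITE line below is constructed sample input.
BLOCK_LIST = "{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|u's'@.|abc@.):},{ph,ph2}"
OLEG = "{>17771234567:ph1,ph2}"
SCAN_INVITE = "INVITE sip:100@203.0.113.7:5060 SIP/2.0"

if __name__ == "__main__":
    print(route_inbound(BLOCK_LIST, "admin", callee_from_invite(SCAN_INVITE)))  # rings
    print(route_inbound(OLEG, "admin", callee_from_invite(SCAN_INVITE)))        # dropped
```

The block list only stops the caller names already seen, while the callee match drops every INVITE that is not addressed to the expected user name, whatever caller ID the scanner presents.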