Reject SIP requests except from registration server

Started by MB.., September 15, 2012, 06:46:31 PM

MB..

X_AccessList lets you restrict the IP addresses that can contact you. It would be nice if the registration IP address could be specified here - i.e. disable all IP calls from unknown entities but not have to specify the registration server's IP (which might change).

SPA2102 has this feature and it's useful for preventing VoIP hacking attempts.

(If there is this feature, I can't find it!)


Encino_Stan

Quote: If there is an option on the ATA device to restrict incoming calls to only the IP address you are registered with, switch it on. (This will help to prevent calls from other than voip.ms being accepted)
I am looking for this feature.

adamb2k12

We must have this feature! My phone rings at ungodly hours of the night and they just hang up... there is never anyone there... the calls did not come through my SIP provider ...   :-[

QBZappy

I think most VoIP SPs have few possible servers to register to. The following setting may provide what you need in order to limit calls coming over any other foreign unwelcome service. It seems services like Callcentric might be a problem because they seem to have too many server addresses to list, making it impractical or impossible to set up in the OBi. If the phantom calls are coming over the OBiTALK service, then we may have another problem.

ITSP Profile X->SIP->X_AccessList
Owner of the 1st OBi110/100 units in service in Canada & South America. 1st OBi202 on my street. 1st OBi1032 in Montreal.

adamb2k12

Quote from: QBZappy on October 08, 2012, 07:54:01 PM
too many server addresses to list making it impractical or impossible to setup in the OBi.

And that's exactly why the access list feature is an unacceptable solution to this problem.  There needs to be a feature that specifically rejects traffic not coming from the SIP proxy.

OBiSupport

Please see the OBi Admin Guide (p. 94) for details on the parameter called "X_AccessList".

X_AccessList
A comma separated list of IP addresses such that the device only accepts SIP requests coming from one of the given addresses. If the list is empty, the device accepts SIP requests from any IP address

This is found in the ITSP SIP Settings area of the configuration.

lacibaci

Quote from: OBiSupport on January 11, 2013, 04:38:39 PM
Please see the OBi Admin Guide (p. 94) for details on the parameter called "X_AccessList".

X_AccessList
A comma separated list of IP addresses such that the device only accepts SIP requests coming from one of the given addresses. If the list is empty, the device accepts SIP requests from any IP address

This is found in the ITSP SIP Settings area of the configuration.


Not trying to be rude, but did you read the messages in this thread?

Lac

lhm.

 "There needs to be a feature that specifically rejects traffic not coming from the SIP proxy."

Is that not what Obi Support is saying?  "A comma separated list of IP addresses such that the device only accepts SIP requests coming from one of the given addresses."

lacibaci

Quote from: lhm. on January 11, 2013, 07:35:04 PM
"There needs to be a feature that specifically rejects traffic not coming from the SIP proxy."

Is that not what Obi Support is saying?  "A comma separated list of IP addresses such that the device only accepts SIP requests coming from one of the given addresses."

Right. He's suggesting X_AccessList. Unfortunately (as mentioned in this thread) this will not work for a large number of servers (something Callcentric has)

Lac

flex25

Quote from: OBiSupport on January 11, 2013, 04:38:39 PM
Please see the OBi Admin Guide (p. 94) for details on the parameter called "X_AccessList".

X_AccessList
A comma separated list of IP addresses such that the device only accepts SIP requests coming from one of the given addresses. If the list is empty, the device accepts SIP requests from any IP address

This is found in the ITSP SIP Settings area of the configuration.

Yeah, but.....it does not work for Callcentric and other providers that have large ranges of IP addresses.  If Obi accepted an IP address range in X_AccessList, it will work with all providers.  ObiSupport?  Please allow this in a future update.  We would love you so very much if you did.  ;)

Encino_Stan

Quote from: OBiSupport on January 11, 2013, 04:38:39 PM
Please see the OBi Admin Guide (p. 94) for details on the parameter called "X_AccessList".

X_AccessList
A comma separated list of IP addresses such that the device only accepts SIP requests coming from one of the given addresses. If the list is empty, the device accepts SIP requests from any IP address

This is found in the ITSP SIP Settings area of the configuration.

The original poster of this thread specifically mentioned the X_AccessList option as a non-solution.

That solution might work in some cases, but it doesn't work if you are accessing a SIP by DNS name and not IP address and the IP address is subject to change. My VoIP provider, voip.ms, suggests "If there is an option on the ATA device to restrict incoming calls to only the IP address you are registered with, switch it on. (This will help to prevent calls from other than voip.ms being accepted.)" That way, no matter what server you are registered with, it only accepts connections from that server. No need to be constantly changing the X_AccessList option.

There have been 2 changes to the IP list that I had to update in my X_AccessList since OBISupport made the suggestion to use that option.

rousseau1

I am curious also, and I can't remember anything useful from my Cisco studies and am too busy to dig thru my books for an answer, but I have some serious LAN concerns as well that I know need to be addressed.
OBI 110

TrapDoor

Quote from: flex25 on January 18, 2013, 06:56:54 PM
Quote from: OBiSupport on January 11, 2013, 04:38:39 PM
Please see the OBi Admin Guide (p. 94) for details on the parameter called "X_AccessList".

X_AccessList
A comma separated list of IP addresses such that the device only accepts SIP requests coming from one of the given addresses. If the list is empty, the device accepts SIP requests from any IP address

This is found in the ITSP SIP Settings area of the configuration.

Does anybody know how long this list can be - i.e. how many characters?


lacibaci

Quote from: TrapDoor on March 05, 2013, 09:20:26 PM
Does anybody know how long this list can be - i.e. how many characters?

512 characters including space and commas.

Lac
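
Added example, not part of any post in this thread: one way to keep an X_AccessList value current when the provider's servers are reached by DNS name. It rebuilds the comma-separated value from freshly resolved addresses, enforces the 512-character limit quoted above, and reports which addresses changed. The addresses are constructed sample data; single addresses only are accepted, on the thread's report that ranges are not supported.

```python
import ipaddress
import socket

MAX_CHARS = 512  # length limit quoted in the thread, separators included


def resolve(hostnames):
    """Look up the current IPv4 addresses of the provider's SIP hostnames."""
    found = []
    for host in hostnames:
        for info in socket.getaddrinfo(host, None, socket.AF_INET):
            found.append(info[4][0])
    return found


def build_access_list(addresses, limit=MAX_CHARS):
    """Return (value, dropped): the comma-separated list and what did not fit."""
    kept, dropped = [], []
    for raw in addresses:
        ip = str(ipaddress.ip_address(raw.strip()))  # ValueError on ranges or junk
        if ip in kept or ip in dropped:
            continue  # duplicate address from several hostnames
        if len(",".join(kept + [ip])) <= limit:
            kept.append(ip)
        else:
            dropped.append(ip)
    return ",".join(kept), dropped


def drift(configured_value, resolved):
    """Compare the value set on the device with freshly resolved addresses."""
    old = {a.strip() for a in configured_value.split(",") if a.strip()}
    new = {str(ipaddress.ip_address(a)) for a in resolved}
    return sorted(new - old), sorted(old - new)


# Constructed sample data (documentation address ranges, not a real provider).
CONFIGURED = "192.0.2.10,192.0.2.11"
RESOLVED = ["192.0.2.10", "198.51.100.7", "198.51.100.7"]

if __name__ == "__main__":
    value, dropped = build_access_list(RESOLVED)
    added, removed = drift(CONFIGURED, RESOLVED)
    print("X_AccessList:", value)
    print("new servers:", added, "stale entries:", removed, "did not fit:", dropped)
```

Any address reported as not fitting is a server whose SIP requests the device would reject, so a non-empty `dropped` list means the access list cannot cover that provider.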

lucycandy

It seems services like Callcentric might be a problem because they seem to have too many server addresses to list making it impractical or impossible to setup in the OBi.

lacibaci

Quote from: lucycandy on April 06, 2013, 01:35:49 AM
It seems services like Callcentric might be a problem because they seem to have too many server addresses to list making it impractical or impossible to setup in the OBi.

You can never have enough servers :)

Fortunately, there is a way to do this another way:
Put this into X_InboundCallRoute for Callcentric:

>1777XXXXXXX:ph

(replace X with your number)