SIP scammers and transfer

[lacibaci]

Here is a new one for me. Today, I got a couple of calls from "200" (nothing new I now I can block them) I let it go to my answering machine and I hear: "Welcome to Callcentric...Your call cannot be completed..."  Looking at OBi100 log I see this:



Is someone trying to use my OBi as zombie? Has anyone else seen something like this?  BTW, numbers they were trying to call are Israel/Palestine.

[QBZappy]

How is that call being transferred?

[lacibaci]

How is that call being transferred?

I have no idea, both 'user' and 'admin' have strong passwords.

[CoalMinerRetired]

This is a wild guess. Does it have anything to do with peering to other VoIP networks, which CallCentric fully supports: http://www.callcentric.com/faq/4/150

I don't fully understand peering, yet. But it seems someone might have one digit wrong and be calling "200" on another network, but they are getting you and your Obi device via CallCentric.

[lacibaci]

These are direct IP calls - they're not coming from Callcentric.  Although, you may be right, scam bags are probably trying to exploit the peering somehow. Time to use X_InboundCallRoute   I'll keep a packet capture on in case they come back...

[MB..]

Just to remind you that

• in the service provider settings you can use X_AccessList to limit the IP addresses that can call you - not sure if this is a fixed set for CallCentric
• unless you are distributing your SIP URI to people, there's no reason to use the default port of 5060 - this will eliminate a lot of hack attempts.

The SPA3102 has a setting for only accepting SIP calls from the IP address it is registered to. Don't think there's an equivalent with Obi but there might be.

[lacibaci]

I agree X_AccessList would be the best solution.  However, Callcentric uses 500 IPs so unfortunately that rules this out.