Why do I periodically get several repeated calls from "101"?

Started by bradwn, May 06, 2011, 09:42:30 AM

Previous topic - Next topic

bradwn

As in TWELVE calls IN A ROW last evening. I had to turn off the ringer.  This also happened on April 1st, but not since.  I set up service in Mid march.  I periodically get calls from "asterisk" as well, but never many in a row like this.  What can I do?

I'm using THE Obi110 into a ATT U-verse gateway, with Voipmyway service.  The calls do not show in the call history on the voipmyway control panel, but do show up in the Obi web interface.


RonR

Looking at your OBi Call History, which OBi Service are these calls coming in on?  Is '101' and 'asterisk' showing up as the Peer Names?  If so, what are the Peer Numbers?

bradwn

Thanks for your reply.  Below is a screenshot of the last of the calls from last evening.  It looks like they ring for exactly 1 minute.



RonR

Somehow, it's coming in through your SP1 Service.  Is that your VoIPMyWay account?

You might be able to block it with the following:

Voice Services -> SP1 Service ->  X_InboundCallRoute : {101:},{ph}

QBZappy

bradwn,

Receiving 12 calls in a row looks like someone was trying to test something and it wasn't ringing his local extension.

As improbable as it may seem, I would verify with the Sip Provider to make certain you have a unique Username and ID to logon to their service. Perhaps ask them to give you new logon credentials.
Owner of the 1st OBi110/100 units in service in Canada & South America. 1st OBi202 on my street. 1st OBi1032 in Montreal.

bradwn

Correct, SP1 is VoIPMyWay, nothing is set as SP2.

I'll check with them.  I picked up on a couple of the calls, nothing audible on the other end. 

wintek

Quote from: bradwn on May 06, 2011, 12:21:58 PM
Correct, SP1 is VoIPMyWay, nothing is set as SP2.


In VoipMyWay's vPanel, set 101 in the incoming routing to blacklist.  That will keeping from getting to the Obi.

voipmyway

This is due to script kiddies running tools looking for insecure voip services. What happens is they dial looking for extensions that are improperly configured.

This has been escalated and is being researched as what we can do on the service side, but since we are not the makers of the obi or have one for testing we can not offer a answer on to how to block at the obi. Have you tried what the other users recommended about setting up the block routes on the obi?

voipmyway

Here is the official response / fix

Change the port of the user's local SIP port. This isn't relayed through our network.

It was more than likely someone scanning their ISPs range for open PBX servers.

It can't be blocked as it wasn't sent through our network. We have received several reports of this on various ISPs. Some people are scanning large blocks of IPs in an attempt to find Asterisk or SIP servers that are not secure. They are scanning ranges of IPs to see if there are open PBXes on them, then on any of the ones where there are open PBXes, they attempt to use them to make outbound calls.


bradwn

Ok, a month later and after changing the port #, and I'm still getting calls occasionally.  The latest ones occured on 5/21 and 5/23, from Peer Number "200" and "asterisk" (4 times).  How do I make this stop?  Can I block any calls that are not from a regular telephone number?  Do I have to just live with this?


RonR

Quote from: bradwn on June 08, 2011, 02:41:17 PM
Ok, a month later and after changing the port #, and I'm still getting calls occasionally.  The latest ones occured on 5/21 and 5/23, from Peer Number "200" and "asterisk" (4 times).  How do I make this stop?  Can I block any calls that are not from a regular telephone number?

Did you try the suggestion I posted on May 6:?

Voice Services -> SP1 Service ->  X_InboundCallRoute : {101:},{ph}

A more general, 3-digit block would be:

Voice Services -> SP1 Service ->  X_InboundCallRoute : {(xxx):},{ph}

bradwn

No, I didn't.  So I enter it brackets and all as follows?:

{200:},{ph}

Can I do this to cover the most frequent peers?:

{101:},{200:},{asterisk:},{ph}

What exactly does that do?

RonR

The InboundCallRoute is used to route incoming calls.  It can match CallerID numbers and do something special with them.  Since you're getting more than just 101 now and they appear to always be 3-digit numbers, I suggest:

Voice Services -> SP1 Service ->  X_InboundCallRoute : {(xxx):},{ph}

This will route any incoming call with a CallerID of a 3-digit number to the bit-bucket.  All others will go to the PHONE Port as usual.

bradwn

I appreciate your help.  2 questions to clarify:

1. Do I enter this into the field exactly as shown (between the quotes) "{(xxx):},{ph}" ?  I ask because currently InboundCallRoute is set to default, and the field simply shows "ph".  The syntax of what you posted seems different.

2. Is there a way I can do the same with "asterisk"?  That is the most frequent call I get. 

RonR

The curly braces can be omitted if there is only one rule in the route, hence the ph instead of {ph}.

If 'asterisk' is being listed as a Peer Number, then a rule for it too can be included:

Voice Services -> SP1 Service ->  X_InboundCallRoute : {asterisk:},{(xxx):},{ph}

The InboundCallRoute format is described in detail on page 113 of the OBi Device Administration Guide.

bradwn

Thanks.  I unchecked the Default box, entered the new string, saved, confirmed and rebooted, and it's back to Default again.  tried it twice, no luck. 

RonR

You have two options when maintaining an OBi:

1. Enable Auto Provisioning and do all configuration though the OBiTALK configuration facility.

2. Disable Auto Provisioning and do all configuration manually through the OBi itself.

It's one or the other - you can't mix them.

QBZappy

Quote from: RonR on June 09, 2011, 09:14:50 AM
You have two options when maintaining an OBi:

1. Enable Auto Provisioning and do all configuration though the OBiTALK configuration facility.

2. Disable Auto Provisioning and do all configuration manually through the OBi itself.

It's one or the other - you can't mix them.


This is the number one newbie issue, comes up time and again. Those using the Expert configuration might be better served if the pop up notice when about to enter the Expert Configuration portal explained the above mentioned statement more clearly than it does now. The pop up just asks :
"Are sure you want to enter OBi Expert Configuration?"
Of course you can expect the user behavior will be to click on the OK button. At that moment it is not obvious to a new user that the configuration option on the OBi unit should not be used.

Should there be a better notification? Should there be a check box in the Expert configuration where the user deliberately checks to acknowledge that this will override the OBi unit. The offered solution solves some remote configuration issues and creates another annoying one.
Owner of the 1st OBi110/100 units in service in Canada & South America. 1st OBi202 on my street. 1st OBi1032 in Montreal.

bradwn

If the question is "Should Obi users be able to block REPEATED, ANNOYING calls from non-human peers easily, without entering advanced configuration?" The answer is most certainly YES.

RegularJoe

 filtering or routing option.   

can this process be used for "unknown"   - this is the string I am getting from the scanners .