Why do I periodically get several repeated calls from "101"?

Started by bradwn, May 06, 2011, 09:42:30 AM

Previous topic - Next topic

RonR

Quote from: RegularJoe on November 18, 2011, 03:40:54 AM
can this process be used for "unknown"   - this is the string I am getting from the scanners .

Yes:

Voice Services -> SPx Service -> X_InboundCallRoute : {unknown:},...

Unfortunately, these scanners keep changing their peering number.  I've been getting calls from '100', '101', 'sip', 'asterisk', and most recently 'unknown'.  Most of them are coming from Russian ISP's, so complaints are usually ignored.

A better way to block this unwanted crap is to supply the OBi with a list of the IP addresses that it should accept SIP requests from.  For example, I have a SIP provider named Ribbit configured on SP2 and also want to accept calls from IP Comms as well as my PAP2:

Service Providers -> ITSP Profile B -> SIP -> X_AccessList : 192.168.1.145,8.15.247.77,64.154.41.100

192.168.1.145 : PAP2
8.15.247.77 : Ribbit
64.154.41.100 : IP Comms

Calls from any other IP addresses should be ignored.

Kamakzie

I get them too.  Got one from 101 this morning..  UGH


QBZappy

Kamakzie,

Perhaps you can prevent this by setting this up with the ip of your sip SP:

Service Providers->ITSP Profile A/B->SIP->X_AccessList = ip add of your sip service
Owner of the 1st OBi110/100 units in service in Canada & South America. 1st OBi202 on my street. 1st OBi1032 in Montreal.

Stewart

Quote from: Kamakzie on June 28, 2012, 09:35:35 AM
Got them again from "1" today.
Change SP1 -> X_UserAgentPort from 5060 to e.g. 5070 and they should go away.  If you previously needed to forward port 5060 to the OBi, forward the new port instead.

flex25

I also got another one today, peer name sipvicious, peer number 100.  I was unable to format an IP range in Service Providers->ITSP Profile A/B->SIP->X_AccessList.  I use Callcentric, and they use an IP range.  Obi takes individual IP addresses, separated by commas.

QBZappy

flex25,

Yes we have been there before. That should be a feature request, don't you think.   ;)
Owner of the 1st OBi110/100 units in service in Canada & South America. 1st OBi202 on my street. 1st OBi1032 in Montreal.

flex25

Right you are, QBZappy!  It has been done.  Hopefully, Obi will make this update.

Stewart

If you use a random value for SP1 -> X_UserAgentPort (instead of 5060), you will rarely, if ever, see a bogus call.  IMO 98%+ of SIP scans are to port 5060.

ianobi

@Stewart. I'm sure that you are correct regarding AgentPorts. I have used 5070(sp1) and 5071(sp2) and had six months free of bogus calls to my OBi110. That is until last night when I got calls from PeerNumber 1000 on sp1 and sp2 at 4am  >:( It does not matter where you live in the world, they always call in the middle of the night!

Just how random can we make AgentPorts? Most people seem to use ports in the 5xxx range. Is there a good reason for this? I don't want to restrict access from odd ip addresses as this can be useful when travelling. I guess a combination of random AgentPorts and using RonR's "sending them to the bit bucket" is the answer.

ianobi

Stewart

You could use a random high port, e.g. 47612, though these clowns could be scanning every port on the the entire Internet (conceivably, it would be possible with e.g. a million zombies), so it might not help.

You could also set up InboundCallRoute for the SPx to only accept calls to specific destinations (the DID or account numbers that your providers normally send).

ianobi

Thanks for the advice. I was never very fond of clowns or zombies  :)

Ostracus

It seems to me a combination will work best. White-listing your providers IPs, changing ports to something nonstandard, and of course RonRs method of sending three-digit numbers to the bit bucket. And yes any filtering on the providers end closed that hole.

ChrisF

If you change SP1 -> X_UserAgentPort to some random port, I presume you have to do the same for SP1 -> X_KeepAliveServerPort, or does the blank SP1 -> X_KeepAliveServer suggest that this is not a feature that's being used by my setup?

Also, for those of us behind a NAT, I presume we'd have to change port forwarding so that port points to Obi's IP for UDP packets?

lifeisfun


We got hammered today with these type of calls today on all 3 lines (several in the row on all)
Is this still the best way to stop this? X_InboundCallRoute : {(xxx):},{ph}
Is there way to block incomming calls all together on individual lines?
Thanks

gderf

Search around on the forum for posts describing the "Oleg method." This involves a change to your X_InboundCallRoute settings.

http://www.obitalk.com/forum/index.php?topic=6976.0
Help me OBiHai PhoneOBi. You're my only hope.