News:

On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT

Main Menu

Obi + PBX = flagged for fraud?

Started by Magi, January 25, 2015, 11:36:32 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Magi

January 25, 2015, 11:36:32 AM
Hello all,

I've had my Obi100 set up on my home network with PhonePower for about a year and recently purchased a Grandstream DP715 SIP phone.  I've integrated the two by setting up the DP715 as a second service provider in the Obi (with lots of help from reading these forums) and both inbound/outbound calls have worked great.

A few days later I got a call from PhonePower that they flagged my account because it looked like someone was placing fraudulent international calls.  Sure enough, looking over my PhonePower call history AND my Obi call history, I've seen both international and domestic calls that we have never placed.  Strangely, they've also originated from suspicious peer numbers like "1001" or "300".

PhonePower stated that this was because I had BOTH an Obi and a PBX (presumably the DP715) asked that I should "remove your Obihai phone adapter from your PBX and connect it directly to either your cable/DSL modem or to your router. This is required so that the device is not fraudulently tampered with in the future."

While I find PhonePower's instructions somewhat vague (e.g. it sounds like they mean physically connected rather than logically connected over the network?), how could connecting the two possibly result in someone hijacking my phone network and placing fraudulent calls?  Furthermore, how do I prevent against it?

Mango

#1
January 25, 2015, 02:00:36 PM Last Edit: January 25, 2015, 02:02:21 PM by Mango
It sounds like a SIP scanner was able to make calls via your OBi.

Neither your OBi ATA nor your Grandstream phone are considered a PBX.  The individual you dealt with at PhonePower is not quite correct.  (Although the OBi does have some basic PBX-like features.)

Let us run some tests to try to figure out what caused the problem.  If you are using DMZ or port forwarding, disable it.  Hopefully you have or have access to a Windows computer.  Download the utility from http://www.dslreports.com/forum/remark,22292023 and run it from a command prompt in the following fashion:

stun stun.ekiga.net

1) Let us know what type of NAT you are using, as indicated by the utility above.
2) If you used DMZ or port forwarding, let us know the specifics.  (i.e. which ports were forwarded?)
3) Please paste your X_InboundCallRoute for both SP1 Service and SP2 Service so that we can see it.
4) Please change each SP's X_UserAgentPort to a random number between 20000 and 65535.  This is not a permanent solution, but it will make it more difficult for the scanners to find you.
5) Let us know what router(s) you use.

Taoman

#2
January 25, 2015, 07:22:42 PM
Also, please list the contents of the following field:

Service Providers>>ITSP Profile X SIP>>X_AccessList  (where X is profile for PhonePower)

If it's set to the default (blank) change it to the following:

208.64.8.6,206.15.130.6

http://www.phonepower.com/wiki/Obihai_plans#Disable_Direct_IP_Dialing

Mango

#3
January 25, 2015, 07:25:54 PM
Would it also be necessary to add the IP of his Gigaset Grandstream in there, or are local IPs automatically whitelisted?

Taoman

#4
January 25, 2015, 07:30:16 PM
Quote from: Mango on January 25, 2015, 07:25:54 PM
Would it also be necessary to add the IP of his Gigaset Grandstream in there, or are local IPs automatically whitelisted?
I don't think local IPs are whitelisted so that could very well be necessary.
Print
Go Up Pages1
User actions