dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2717
share rss forum feed

Mcklain1

join:2011-01-26
Terrebonne

Anonymous Caller ID Asterisk

Hello,

I have been using Voip.ms for about 1month 1/2 and since about 4 days I have been receiving some sort of spam. I contacted voip.ms and was refered to this:

»wiki.voip.ms/article/FAQ#Why_am_···er_ID.3F

This is exactly my problem. I am using a grandstream 286 as my ata and dont wanna disable anonymous calls since alot of legit persons call using anonymous.

I can receive these calls 5-6 times a day and of course there is no one on the line. I opened ports 5060 and 10k trought 20k also on my router but that was because I had a random problem where people would stop hearing me talk but I would continue hearing them and opening these ports seemed to have solved the problem. I know that blocking those ports would probably solve this sort of spam.

Each time I receive this anonymous call this is what is written in my router log:

[LAN access from remote] from 117.120.5.229:40080 to 192.168.1.107:5060, Monday, July 18,2011 06:54:33

[LAN access from remote] from 218.94.82.36:14265 to 192.168.1.107:5060, Monday, July 18,2011 05:22:09

Anyone got this problem and have a different solution. Not alot of support from Voip.ms chat.

MZB

join:2010-11-25
Dunrobin, ON
Assuming the calls aren't coming in from voip.ms (ie. they do not appear on your CDR), then Voip.ms isn't at fault - so you can't really expect them help.

I don't know anything about the Grandstream box, but here are a few suggestions:
•Change your ATA to a non-standard port (i.e. not 5060) so hackers will be less likely to find you.
•If there is an option on the Grandstream to restrict incoming calls to only the IP address you are registered with, switch it on. (This prevents calls from other than voip.ms being accepted)
•Place the ATA behind the firewall, forward the SIP and RTP ports to the ATA, and use firewall rules to only accept packets from the voip.ms server you register with.

The option on an SPA2102 is called "Restrict Source IP" - don't know if Grandstream supports this feature.

Try changing the port first: it may be all you need.

Mcklain1

join:2011-01-26
Terrebonne
I found this option in my ATA, would that work for youre advice number 2?

Allow incoming SIP
messages from SIP
proxy only

If set to “Yes”, the device will ignore any SIP message that does not come
from the IP address (Source IP in the IP header) that it is registered
to. Default is No

MZB

join:2010-11-25
Dunrobin, ON
(... without reading the manual) I think so.

Note that if you are expecting SIP calls from other than voip.ms this will eliminate them too. (You probably aren't).

Recommend the SIP port change too. You can get an idea of the number of attempts to probe a port by looking at the SANS Internet Storm Centre.

Compare Port 5060
»isc.sans.org/port.html?port=5060

with port 5061
»isc.sans.org/port.html?port=5061

So unless you need to give out a SIP URI to lots of people, a little security by obscurity is a worthwhile precaution.