idbit
join:2008-12-04
Florida | Receiving calls from name/number 100 that don't get logged Every now and then, I'll receive a call on my 2 month old VOIP account with voip.ms. The caller ID will show name and number of 100. The weird thing is that the phone just rings and never stops ringing. Normally, the voicemail will pickup after 20 seconds, as I have it set in my voip.ms setup. Busy, Unreachable, No Answer - all go to voicemail. But these calls never go to voicemail. If I wasn't there to hit the Reject button, it would ring all day. When I do answer, there is nothing on the other end. You can normally tell if someone is sitting there silent. This isn't like that. It's just a blank phone call.
The other weird thing is that the calls don't show up in my voip.ms call logs. All of my other calls are in the logs - whether answered or unanswered. But the calls from 100 don't appear at all. Now I'm getting calls from number 99 as well - cnam says Mylo. These calls from 99 do the same thing - ring forever until I hit Reject, never appear in my call logs.
Any ideas what this could be?
Thanks.
IB |
|
|
|
| Those calls are sent directly to your SIP device's IP address, from automated scanning tools, by hackers looking for PBX systems to break into. They do not pass through VoIP.ms at all.
You can get rid of nearly all of them by changing the local SIP port on your device from 5060 to something else, e.g. 5070. If you had to forward UDP port 5060 in your router, forward the new port instead.
Note that you are not changing the port to which you are connecting on the VoIP.ms server, just the port on which your device is listening. If you can't find the setting for that, post what kind of IP phone or ATA you are using. |
|
cb14
join:2013-02-04
Miami Beach, FL | reply to idbit
There has been an extensive discussion of this issue on Obitalk forum. |
|
idbit
join:2008-12-04
Florida | reply to Stewart
said by Stewart:Those calls are sent directly to your SIP device's IP address, from automated scanning tools, by hackers looking for PBX systems to break into. They do not pass through VoIP.ms at all.
You can get rid of nearly all of them by changing the local SIP port on your device from 5060 to something else, e.g. 5070. If you had to forward UDP port 5060 in your router, forward the new port instead.
Note that you are not changing the port to which you are connecting on the VoIP.ms server, just the port on which your device is listening. If you can't find the setting for that, post what kind of IP phone or ATA you are using.
Thanks Stewart. I have a Yealink phone. It has 3 different items that are set at port 5060: SIP Server, Outbound Proxy Server, Backup Outbound Proxy Server. SIP server setting says "SIP Server address provided by ISP". So I can just change that to anything I want? FWIW, the Yealink is connected straight to cable modem and I'm using the Yealink's router to feed my computer. I want to make sure I don't inteterfere with that.
I wonder how they found out my IP was feeding a SIP phone? Plus if there is anything they can really do? I really don't mind the calls. I can just put them on my blacklist and I won't hear the phone ring. Plus I won't get charged since they don't go thru voip.ms. Is there any threat of them hacking into my SIP phone? |
|
idbit
join:2008-12-04
Florida | reply to cb14
said by cb14:There has been an extensive discussion of this issue on Obitalk forum.
Thanks CB14. Here's a thread I found there: »www.obitalk.com/forum/index.php?topic=4067.0 |
|
Reviews:
 ·Conway Corp.
| reply to idbit
said by idbit:I won't get charged since they don't go thru voip.ms. Is there any threat of them hacking into my SIP phone?
I would think it is risky if your SIP phone's administrative interface is at all "visible" to the outside world.
Many SIP devices have a way to "lock" onto a particular IP address and ignore the random SIP call from unknown IP addresses, so unless you have a reason to WANT folks to connect directly to your phone I would turn that feature on, and/or tighten down the setup in your router.
If you have configured your phone (or anything else in your network) in a DMZ or otherwise opened your network to the unfiltered Internet, then it is inherently open to abuse from the outside. |
|
idbit
join:2008-12-04
Florida | said by conwaytwt:said by idbit:I won't get charged since they don't go thru voip.ms. Is there any threat of them hacking into my SIP phone?
I would think it is risky if your SIP phone's administrative interface is at all "visible" to the outside world. If you have configured your phone (or anything else in your network) in a DMZ or otherwise opened your network to the unfiltered Internet, then it is inherently open to abuse from the outside. Well when I run a Shieldsup! scan, all ports are closed. But if I have the phone's Webserver enabled, then ports 80 (http) and 443 (https) stay wide open. That's why I keep the Webserver disabled and just use the phone for config settings.
said by conwaytwt:Many SIP devices have a way to "lock" onto a particular IP address and ignore the random SIP call from unknown IP addresses, so unless you have a reason to WANT folks to connect directly to your phone I would turn that feature on, and/or tighten down the setup in your router. Man, there are so many things you can set on this phone. I have no idea what it's called. I think I should be okay though if I just keep the ports 80 and 443 closed. Thanks! |
|
| reply to idbit
I believe that Accounts --> advanced --> Local SIP Port is the setting to change on a Yealink. |
|
 TrevIP Telephony AddictPremium
join:2009-06-29
Victoria, BC
kudos:4 | reply to idbit
said by idbit:Well when I run a Shieldsup! scan, all ports are closed. But if I have the phone's Webserver enabled, then ports 80 (http) and 443 (https) stay wide open. That's why I keep the Webserver disabled and just use the phone for config settings.
Sounds to me like you put your phone in the DMZ. That's a very bad idea, for exactly the reason you just stated.
--
I represent AcroVoice, a full service Canadian VoIP Provider.
Buy your Obihai ATA shipped from within Canada. |
|
| said by Trev:Sounds to me like you put your phone in the DMZ. That's a very bad idea, for exactly the reason you just stated.
The OP stated that the phone is connected directly to his modem. He uses the router built in to the phone to feed his local network.
@idbit - If I were you I would buy a decent VoIP compatible router and connect that to your modem, then connect the phone and your computer to the router.
--
DPC3825 (bridged mode) - WRT610N + Tomato - Panasonic KX-TGP500 - Asterisk 11.0.2 on Virtual Server
Anveo - FreePhoneLine - Voxbeam - Numbergroup - Callcentric - VoIP.MS - Localphone - UKDDI |
|
| reply to idbit
You can help by replying to the following topic:
OBi, please help us defeat SIP scanners/spammers
»www.obitalk.com/forum/index.php?topic=4873.0 |
|
idbit
join:2008-12-04
Florida | reply to grand total
said by grand total:said by Trev:Sounds to me like you put your phone in the DMZ. That's a very bad idea, for exactly the reason you just stated.
The OP stated that the phone is connected directly to his modem. He uses the router built in to the phone to feed his local network. @idbit - If I were you I would buy a decent VoIP compatible router and connect that to your modem, then connect the phone and your computer to the router. Yeah, that's what I need to do. I guess it doesn't pay to be cheap.
Here's something I never thought of. Does the Yealink sit behind its own router? It seems like it would have to, right? Dang, I can't believe I never even thought about that until now. |
|
Reviews:
 ·AT&T Midwest
| said by idbit:said by grand total:@idbit - If I were you I would buy a decent VoIP compatible router and connect that to your modem, then connect the phone and your computer to the router.
Yeah, that's what I need to do. I guess it doesn't pay to be cheap. I would expect that the reason that most people who would use a router built into a phone or OBi202 would be to give the SIP traffic first dibs on the bandwidth.
I have read this topic with interest and partial understanding. I work behind a NAT router.
•Does that protect me from SIP phone port scanners and scammers?
•How do the legitimate providers connect to me to let me know of an incoming call? |
|
| said by StillLearn:•Does that protect me from SIP phone port scanners and scammers?
•How do the legitimate providers connect to me to let me know of an incoming call?
Yes, if you do not forward ports to your device you are protected from port scanners.
Your device registers with your provider and in doing so tells your provider where to send your calls. There is a second part to this, you must also send small packets frequently to your provider to keep a temporary hole in your firewall open, so that when your provider has a call for you it is able to reach your device and is not blocked by your firewall.
--
DPC3825 (bridged mode) - WRT610N + Tomato - Panasonic KX-TGP500 - Asterisk 1.8.10 on Virtual Server
Anveo - FreePhoneLine - Voxbeam - Numbergroup - Callcentric - VoIP.MS - Localphone - UKDDI |
|
| reply to idbit
Voip.MS supports ports 26999 and 36999 for Proxy Server,Outbound Proxy and Registrar Server. They do not have to all match. |
|
| said by zapattack:Voip.MS supports ports 26999 and 36999 for Proxy Server,Outbound Proxy and Registrar Server. They do not have to all match.
That is a way to work around buggy routers, firewall and ISP restrictions, etc., but is not relevant to this thread.
The security of the user's device depends only on the local port number at his end, and the extent that port is exposed by his router / firewall. |
|
Reviews:
·AT&T Midwest
| reply to grand total
said by grand total:Yes, if you do not forward ports to your device you are protected from port scanners. Thanks. That's a relief. And thanks for the other info too. |
|
| reply to Stewart
If scanners hit 5060 and you do not use local port 5060, then how can you be scanned? |
|
| said by zapattack:If scanners hit 5060 and you do not use local port 5060, then how can you be scanned?
You can't. But, I suppose, if enough people stop using 5060 then the scanners will start looking for other ports. |
|
| reply to idbit
Grandstream has recommended settings to eliminate this problem. They seem to be working well with Voip.ms. Depending on the device they include "Check SIP User ID for INVITE", "Validate Incoming Messages" and "Allow Incoming SIP messages from SIP Proxy Only". Your device may have similar settings. Look here (and scroll down to bottom of page): »www.grandstream.com/support/faq/···shooting |
|
