milk4
join:2012-05-27
Mississauga, ON

milk4

Member

[Equipment] PAP2T keeps setting calls to forward automatically

It seems every few hours this setting in the Line 1 tab Cfwd All Serv: keeps getting set to Yes and I can't get any incoming phone calls, though I can dial out fine.

I'm using FPL and it took me a little while to figure out this is what was happening.

Any ideas on how I could disable it permanently?

toro
join:2006-01-27
Scarborough, ON

1 recommendation

toro

Member

The default setting for that should be Yes. I think another setting in combination with this is causing your calls to get forwarded.
Can you check your User 1 tab and see if you have anything in the Call Forward Settings or Selective Call Forward Settings sections (first two sections on the page). They are supposed to be all blank by default. Or better, post a screenshot of that page.
PX Eliezer1
Premium Member
join:2013-03-10
Zubrowka USA

1 edit

PX Eliezer1 to milk4

Premium Member

to milk4
Toro just beat me to this.

That setting is actually the default.

But by itself, that setting does not forward the calls. My PAP2T always had that set to Yes, but it caused no problems in receiving calls.

In other words, that particular setting does [not] forward calls, it merely permits the Call Forward service to work IF you turn that service on.

Normally on the PAP2T that service is turned on if you dial *72, and turned off by dialing *73.

(Edited to remove page numbers, see below).
PX Eliezer1

PX Eliezer1

Premium Member

Ack.

Cisco (who now are in charge of the former Linksys/Sipura regarding the PAP2T) have made a newer Administration Manual, so the page numbers are different.

This PDF is the newest manual:
»www.cisco.com/c/dam/en/u ··· -WEB.pdf
DaveSin
join:2009-07-17

1 recommendation

DaveSin to milk4

Member

to milk4
Based on years of reading this forum, the first question that pops in my head is: Is the PAP2T genuine/fake? Was it bought on eBay from one of those HK sellers? Doesn't make sense attempting to troubleshoot a fake PAP2T, since their operation is unpredictable!
PX Eliezer1
Premium Member
join:2013-03-10
Zubrowka USA

2 recommendations

PX Eliezer1

Premium Member

said by DaveSin:

Is the PAP2T genuine/fake? Was it bought on eBay from one of those HK sellers?

Interesting point.

This search tool may help the OP determine if their PAP2T is real by using MAC number lookup.
»www.coffer.com/mac_find/

The OP may also want to look for any other PAP2T settings that might be optimizable, by reading Mango's Linksys ATA guide:
»www.toao.net/25-linksys- ··· guration
milk4
join:2012-05-27
Mississauga, ON

milk4

Member

Thanks a bunch! I did look up my MAC address and it is listed as Cisco-Linksys, LLC device.
milk4

milk4 to toro

Member

to toro
Thanks toro. I found a strange number (not mine!) in Cfwd All Dest:. Removed it. Will keep monitoring to see how it got there.

Thanks again!

toro
join:2006-01-27
Scarborough, ON

1 edit

toro to PX Eliezer1

Member

to PX Eliezer1
said by PX Eliezer1:

This search tool may help the OP determine if their PAP2T is real by using MAC number lookup.
»www.coffer.com/mac_find/

These days the MAC address search is insufficient for determining if a PAP2(T) is genuine. The "manufacturers" of counterfeit PAP2(T)s are getting better and better at making devices that look closer to the genuine ones instead of making better/more stable devices in general.
toro

toro to milk4

Member

to milk4
Is your PAP2's web interface accessible from the Internet (through port forwarding, for example)? Or do you have any other ports forwarded to it that may allow access to the settings?
PX Eliezer1
Premium Member
join:2013-03-10
Zubrowka USA

PX Eliezer1 to toro

Premium Member

to toro
said by toro:

These days the MAC address search is insufficient for determining if a PAP2(T) is genuine. The "manufacturers" of counterfeit PAP2(T)s are getting better and better....

Agreed.

If it shows up as fake in the MAC screening, it's fake.

If it shows up as legit, it still could [possibly] be fake....
milk4
join:2012-05-27
Mississauga, ON

milk4 to toro

Member

to toro
I'm behind a router so I have ports forwarded to the address of the PAP2T.

Could somebody be remote accessing my settings?

toro
join:2006-01-27
Scarborough, ON

1 recommendation

toro

Member

For most providers (including FPL that you mentioned you were using) that's unnecessary.
The proper setup is with NAT Mapping Enable and NAT Keep Alive Enable both set to Yes in your Line 1 tab. See Mango's nice tutorial at »www.toao.net/25-linksys- ··· guration
Also, if you're using the server voip.freephoneline.ca and have issues without the ports forwarded, you may want to try the servers voip2 and voip3.
milk4
join:2012-05-27
Mississauga, ON

milk4

Member

Thanks toro

Quite a bit of changes from the given FPL settings.

I've got both NAT Mapping Enable and NAT Keep Alive Enable, and I've tried the PAP2T without the firewall. It dials out then dies... no ring. I tried the voip2.freephoneline.ca and voip3.freephoneline.ca.

Because you asked the question about port forwarding, I feel my box may be getting hacked.

I decided to look up the number that it was forwarding to, which I am attaching in case someone else gets a similar issue: 011972542935554. I've only found one instance of it online: »supportforums.cisco.com/ ··· -its-own

It seems to me an Israeli number and I haven't made a call there in years.

Now I've got to get my ATA working behind the linksys router (WRT160N).
PX Eliezer1
Premium Member
join:2013-03-10
Zubrowka USA

PX Eliezer1

Premium Member

said by milk4:

I decided to look up the number that it was forwarding to, which I am attaching in case someone else gets a similar issue: 011972542935554. I've only found one instance of it online: »supportforums.cisco.com/ ··· -its-own

It seems to me an Israeli number and I haven't made a call there in years.

Definitely an Israel number, for the mobile company Orange.

Strange.

Please note that the Cisco post you referred to was just 5 days ago. So this is quite likely a hack, and a current one at that!!

toro
join:2006-01-27
Scarborough, ON

toro to milk4

Member

to milk4
Which ports were forwarded to your ATA?
DaveSin
join:2009-07-17

DaveSin to milk4

Member

to milk4
Is it possible that [if] the unit was purchased used, the number was carried over? Again, is it a used PAP2T and was it reset back to its default values by yourself before inputting your SIP credentials? How long have you been using the PAP2T? I doubt your unit was hacked.
said by milk4:

Because you asked the question about port forwarding, I feel my box may be getting hacked.

I decided to look up the number that it was forwarding to, which I am attaching in case someone else gets a similar issue: 011972542935554.

It seems to me an Israeli number and I haven't made a call there in years.

Stewart
join:2005-07-13

Stewart to milk4

Member

to milk4
Possibly, you accidentally or (not realizing the consequences) intentionally put the PAP2T in the DMZ of your router. If you also did not set admin and user passwords for the device, then a hacker's automated tool could find your device and attempt the forward.

The good news is that Linksys ATAs implement forwarding with a 302 redirect, which most providers reject for security reasons, i.e. your calls were most likely not actually forwarded to Israel. However, setting a forward destination still causes incoming calls to fail.

If the above is indeed true, you should set strong admin and user passwords on the PAP2T. Also, unless you have no other way to solve a VoIP issue, remove the DMZ. If you must use DMZ, put the ATA's web server on an obscure port, or forward TCP port 80 to something non-existent, which will override the DMZ setting for the web server port.

If this isn't a DMZ issue (and you don't have port 80 forwarded), I suspect that there must be a firmware vulnerability that is allowing the hacker to set forwarding via SIP.
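The DMZ and port-80 override described in the post above, modelled as an added example that is not part of the thread or any poster's own code. It assumes a simplified router where an explicit forward takes precedence over the DMZ host; the LAN addresses are constructed, and the protocol for the forwarded VoIP ports (UDP) is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    proto: str   # "tcp" or "udp"
    first: int   # first WAN port of the range
    last: int    # last WAN port of the range
    target: str  # LAN address that receives the traffic

def wan_target(proto, port, forwards, dmz_host=None):
    """LAN host that gets unsolicited WAN traffic for proto/port, or None if dropped."""
    for rule in forwards:
        if rule.proto == proto and rule.first <= port <= rule.last:
            return rule.target      # explicit forward wins over the DMZ
    return dmz_host                 # the DMZ host catches everything else

def admin_exposed(ata_ip, forwards, dmz_host=None, admin_port=80):
    """True if the ATA's web interface port is reachable from the WAN side."""
    return wan_target("tcp", admin_port, forwards, dmz_host) == ata_ip

# Constructed sample addresses (not from the thread).
ATA = "192.168.1.50"
UNUSED = "192.168.1.254"            # address with no device behind it
VOIP_FORWARDS = [                   # ports listed in the thread; UDP is assumed
    Forward("udp", 5060, 5060, ATA),
    Forward("udp", 10000, 20000, ATA),
]
SINKHOLE_80 = Forward("tcp", 80, 80, UNUSED)

def scenarios():
    """Evaluate the three router setups discussed in the thread."""
    return {
        "forwards only, DMZ off": admin_exposed(ATA, VOIP_FORWARDS),
        "ATA in DMZ": admin_exposed(ATA, VOIP_FORWARDS, dmz_host=ATA),
        "ATA in DMZ, TCP 80 sinkholed": admin_exposed(
            ATA, VOIP_FORWARDS + [SINKHOLE_80], dmz_host=ATA),
    }

if __name__ == "__main__":
    for name, exposed in scenarios().items():
        state = "EXPOSED to" if exposed else "not reachable from"
        print(f"{name}: web admin {state} the WAN")
```

Only the DMZ case leaves the web interface reachable, which is why strong admin and user passwords still matter whenever the DMZ is in use.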
milk4
join:2012-05-27
Mississauga, ON

milk4 to toro

Member

to toro
The ports forwarded were:
5060
10000-20000

The standard FPL setup as suggested by their doc.

@DaveSin
I've had the unit for about a year now. I did reset the ATA a month ago, that may have had something to do with it. But I'll tell you why this is likely a hack. I took screen grabs of my setting tabs after first setting up for future reference. When I went back to check them just now, the Israeli number did not show up in those screen grabs. It was factory reset at the time when I took the screen grabs.

@Stewart
I did have DMZ set up for a time for games, which is disabled.

Thank you to each of you. Really.

So here's what I've done:
1) I have changed the admin passwords to very long randomly generated passwords
2) changed to different ports
3) made sure DMZ is disabled
4) trying to get my router's NAT working properly
PX Eliezer1
Premium Member
join:2013-03-10
Zubrowka USA

PX Eliezer1 to DaveSin

Premium Member

to DaveSin
said by DaveSin:

Is it possible that [if] the unit was purchased used, the number was carried over?

....I doubt your unit was hacked.

Not to beat this to death but (as above) the exact same phone number was the subject of a post in the Cisco forums just a few days ago.

And the OP here makes clear that the Cisco post was from another person, not himself.

So that's yet another piece of evidence.
eastmanblues
join:2010-12-01

eastmanblues

Member

I just noticed my PAP2 was not receiving calls and the user Cfwd All Dest was set to: 011972542935554.
Googled the number and ended up here... Weird. Cleared the number and everything works fine again.
Mango
Use DMZ and you get a kick in the dick.
Premium Member
join:2008-12-25
www.toao.net

Mango

Premium Member

The plot thickens.

eastmanblues, could you please let us know:

1) What router do you use?
2) Did you place your PAP2's IP in DMZ?
3) Did you have any ports forwarded to your PAP2? If so, which ones?
4) Could you confirm that you have a PAP2 and not a PAP2T like the OP?

Thanks,
m.
Mango

Mango to milk4

Premium Member

to milk4
milk, what firmware version do you have on your PAP2T?