DaveD (posted October 21, 2013)

I'm receiving bizarre calls I believe are an attempt to pass toll calls through my server.

Several inbound calls on my SIP trunk are shown as from '100 (100)' in the call log. And the 'to' field shows one of these:

00972597841671 (00972597841671)
0972597841671 (0972597841671)
9011441904898504 (9011441904898504)
011441904898504 (+441904898504)

From this format, it appears someone is trying various formats to dial either Israel or the U.K.

There is no extension 100 registered, and because these calls apparently ring local extensions, no external call has actually completed. But because the call log shows an invalid 'from' and a 'to' that may be a valid international number, it appears there is some external access to the server.

This really concerns me; what's going on here?

Dave

Here is a segment of the SIP logfile:

SIP/2.0 200 OK
Via: SIP/2.0/UDP <server local IP address>:5060;branch=z9hG4bK-22c1c73a8c11f54f47aaffcf117679bc;rport=5060;received=192.168.10.15
From: "100" <sip:100@pbx.company.com;user=phone>;tag=24006
To: "00972597841671" <sip:00972597841671@<public IP address>;user=phone>;tag=635631766
Call-ID: 7d6ccdf3@pbx
CSeq: 30725 BYE
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, OPTIONS, UPDATE, PRACK, SUBSCRIBE, INFO
Allow-Events: talk, hold, conference, LocalModeStatus
Server: Aastra 9480iCT/3.2.2.3077
Supported: path
Content-Length: 0

Vodia PBX (posted October 21, 2013)

This is why you should set the outbound proxy of your trunk. The JavaScript warning is there for a reason. Unfortunately this is not mandatory, because the IETF did not envision that calls from anywhere in the Internet could be fraud calls.

At least it seems that you have not routed the call to an outbound trunk, so that whoever did that could not get anything out of it. Anyway, use the outbound proxy or, even better, specify the IP addresses where the trunk expects traffic from.

DaveD (posted October 21, 2013)

Thanks for an incredibly quick reply!

My ITSP specifically recommends not to set an outbound proxy; that's why I didn't set one. They explained when I asked that it's about their servers not being load-balanced for in/out calls.

Because I do have the ITSP SIP server specified, I thought that would be the only inbound route, but I'm apparently wrong. Where do I 'specify the IP address where the trunk expects traffic from'?

Dave

Vodia PBX (posted October 21, 2013)

There is a setting called "Explicitly list addresses for inbound traffic" where you can list the IP addresses that are allowed. You can use the following commands to get an idea about the addresses (in Linux):

host -t NAPTR provider.com
host -t SRV _sips._tcp.provider.com
host -t SRV _sip._tls.provider.com
host -t SRV _sip._tcp.provider.com
host -t SRV _sip._udp.provider.com
host -t AAAA provider.com
host -t A provider.com
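
Added example, not part of the original thread or of the PBX vendor's tooling: a shell helper that chains the SRV and A/AAAA lookups listed above into one de-duplicated address list for the "Explicitly list addresses for inbound traffic" setting. The function names and the sample `host` output (documentation addresses under provider.com) are constructed for illustration; NAPTR records are not followed.

```sh
#!/bin/sh
# Added example: collect candidate trunk source addresses from `host` output.

# Read `host -t SRV` output on stdin, print the unique SRV target hostnames.
srv_targets() {
    awk '/ has SRV record / { sub(/\.$/, "", $NF); print $NF }' | sort -u
}

# Read `host -t A` / `host -t AAAA` output on stdin, print the unique addresses.
host_addresses() {
    awk '/ has address / || / has IPv6 address / { print $NF }' | sort -u
}

# Live lookup (needs DNS, not run here): SRV targets plus the bare domain,
# each resolved to its A and AAAA records.
trunk_addresses() {
    domain=$1
    {
        for name in _sips._tcp _sip._tls _sip._tcp _sip._udp; do
            host -t SRV "$name.$domain"
        done | srv_targets
        echo "$domain"
    } | sort -u | while read -r target; do
        host -t A "$target"
        host -t AAAA "$target"
    done | host_addresses
}

# Constructed sample output, so the parsers can be checked offline.
sample_srv='_sip._udp.provider.com has SRV record 10 0 5060 sip1.provider.com.
_sip._udp.provider.com has SRV record 20 0 5060 sip2.provider.com.
Host _sip._tls.provider.com not found: 3(NXDOMAIN)'

sample_addr='sip1.provider.com has address 192.0.2.10
sip2.provider.com has address 192.0.2.11
sip2.provider.com has IPv6 address 2001:db8::11
sip1.provider.com has address 192.0.2.10
provider.com has no AAAA record'

echo "SRV targets:"
printf '%s\n' "$sample_srv" | srv_targets
echo "Addresses to review for the inbound list:"
printf '%s\n' "$sample_addr" | host_addresses
```

Against a real provider, run `trunk_addresses provider.com` and compare the result with what is currently listed; DNS records can change, so the list needs rechecking from time to time.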