Anonymous call to Softphone

Geekzone Status | Geekzone User IP information | NZ Cell Sites Map | Amazon order page (Kindle, books, electronics)

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

Forums › VoIP › Anonymous call to Softphone

thekiwi

250 posts

Master Geek

Topic # 92120 27-Oct-2011 08:54
Just wondering if someone can advise as to "how" this occured? We just had an anonymous call to our VOIP account on 2Talk, however it only rang on our Softpone (registered using 0########-1), but our 'normal phone' via an ATA didnt ring at all (registered with 0########).The resulting voicemail message suggests "someone" was actually on the line, as you could hear office type noise in the background. When a normal phone call comes in, the Softphone and the normal phone both ring, so Im wondering if someone has somehow managed to dial our "softphone connection" directly? When I rang our line from my mobile, it all worked as it has for a few months ... both softphone and normal pone rang, and we get a call record in the 2Talk admin web interface. There is no call record for this anonymous call in the logs.

sbiddle

16690 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Subscriber

Reply # 538033 27-Oct-2011 09:00
No doubt a SIP botnet script making brute force SIP URI calls looking for insecure SIP proxy's. *Need help configuring your Linksys ATA or IP Phones for New Zealand? Check my blog post

thekiwi

250 posts

Master Geek

Reply # 538034 27-Oct-2011 09:02
sbiddle: No doubt a SIP botnet script making brute force SIP URI calls looking for insecure SIP proxy's. Is there anything I should/could do? My firewall has always had PortFwding entries (5060 and 5061) for my ATA but restricted to the 2Talk IP's ... but Im guessing this was directed at 2Talk and not my connection (nothing showed in the my Tomato log files) ? Just researching "Restrict Source IP" setting in the Linksys SPA.

sbiddle

16690 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Subscriber

Reply # 538037 27-Oct-2011 09:24
Restrict source IP should be enabled on all VoIP hardware if it supports it to prevent this occuring. Numerous Linksys/Cisco VoIP devices have also suffered from issues such as lockups with excessive inbound VoIP traffic such as these botnet scripts. You can't enable this on 2Talk or iTalk as it'll prevent them from working due to inbound traffic originating from more than a single IP (ie not just their SIP proxy). URI calling is a fantastic feature of the SIP protocol, enabling direct calling between SIP endpoints, but there are obvious security issues with this that you need to be aware of, especially with the rise of hackers trying to exploit insecure IP PBX's, particularly people running Asterisk who don't have a clue in the world how to secure it properly and think they're a VoIP expert because they got trixbox running in under 60 minutes. *Need help configuring your Linksys ATA or IP Phones for New Zealand? Check my blog post

thekiwi

250 posts

Master Geek

Reply # 538038 27-Oct-2011 09:25
Got this reply from 2Talk (pretty quickly too) This anonymous call was actually made from the PSTN. We are investigating why this is not showing up in the call records currently as it should be appearing in 2talk live. However, 2talk do NOT allow calls from the Internet into your 2talk number. The only way a call can come into your 2talk number is from the PSTN or another 2talk customer. We have deliberately avoided untrusted/anonymous calls from the Internet for these reasons. Regards, The team @ 2talk

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow @geekzonenzforum

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow @geekz1

Follow us to receive Twitter updates when new jobs are posted to our jobs board:

Follow @geekzonenzjobs

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

Follow @geekzoneprices

News »

Android and iOS combine for 92.3% of all smartphone OS shipment in the first 2013 quarter
Posted 17-May-2013 08:38

Apple’s App Store marks 50 billionth download
Posted 17-May-2013 08:25

Gen-i divests Davanti Consulting through management buyout
Posted 16-May-2013 14:02

Huawei G510 bring big-screen mobile entertainment for Android users
Posted 16-May-2013 11:49

BlackBerry BBM goes multiplatform: iOS and Android versions
Posted 15-May-2013 11:28

BlackBerry introduces BlackBerry 10 QWERTY smartphone
Posted 15-May-2013 09:32

Trending now »

Hot discussions in our forums right now:

A reason not to shop at dick smith
Created by dsnz1, last reply by AKLWestie on 17-May-2013 22:45 (82 replies)

... 4 5 6

Chorus is cutting the cost of VDSL to service providers from June 7
Created by maxzzz, last reply by Ragnor on 16-May-2013 02:57 (40 replies)

... 2 3

A new project coming to Geekzone
Created by freitasm, last reply by CapBBeard on 18-May-2013 20:20 (194 replies)

... 11 12 13

HTC One (2013) owners' discussion
Created by Dingbatt, last reply by Indio on 18-May-2013 22:00 (1404 replies)

... 92 93 94

Galaxy S4 to run stock Android, by Google
Created by kiwitrc, last reply by Lambchop on 17-May-2013 02:54 (30 replies)

... 2

Sitting on a boring conference call
Created by SaltyNZ, last reply by SepticSceptic on 17-May-2013 16:52 (14 replies)

Office 365 service outage 2013-05-18
Created by freitasm, last reply by networkn on 18-May-2013 22:31 (12 replies)

Samsung Galaxy SIII Discussion and Owners Thread
Created by networkn, last reply by Johnk on 18-May-2013 14:50 (5522 replies)

... 367 368 369

Geekzone Jobs »

Most recent NZ jobs in technology:

IT Technician
Posted 18-May-2013 22:27

IT Technician
Posted 18-May-2013 22:27

Office Girl
Posted 18-May-2013 13:27

CRM Lead/ Senior MS CRM Consultant
Posted 18-May-2013 09:27

Business Analyst - Technical Web Focus
Posted 18-May-2013 09:27

Senior Front End Developer
Posted 18-May-2013 09:27

Client Support Analyst
Posted 17-May-2013 23:26

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.

RSS feeds: Main feed; Forums feed; Tech Jobs feed; All RSS feeds

Site features: Geekzone Mobile; @GeekzoneMail; Geekzone Badges; Geekzone on Twitter

Geekzone offers: Amazon orders (Kindle, books, everything); MightyApe orders; Free technology white papers

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising on Geekzone; Trademark and copyright

©2002-2013 Geekzone®