Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Buying anything on Amazon? Please use the Geekzone Amazon aff link.




270 posts

Ultimate Geek
+1 received by user: 1


Topic # 92120 27-Oct-2011 08:54 Send private message

Just wondering if someone can advise as to "how" this occured?

We just had an anonymous call to our VOIP account on 2Talk, however it only rang on our Softpone (registered using 0########-1), but our 'normal phone' via an ATA didnt ring at all (registered with 0########).The resulting voicemail message suggests "someone" was actually on the line, as you could hear office type noise in the background.

When a normal phone call comes in, the Softphone and the normal phone both ring, so Im wondering if someone has somehow managed to dial our "softphone connection" directly?

When I rang our line from my mobile, it all worked as it has for a few months ... both softphone and normal pone rang, and we get a call record in the 2Talk admin web interface. There is no call record for this anonymous call in the logs.

Create new topic
20070 posts

Uber Geek
+1 received by user: 1667

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 538033 27-Oct-2011 09:00 Send private message

No doubt a SIP botnet script making brute force SIP URI calls looking for insecure SIP proxy's.





270 posts

Ultimate Geek
+1 received by user: 1


  Reply # 538034 27-Oct-2011 09:02 Send private message

sbiddle: No doubt a SIP botnet script making brute force SIP URI calls looking for insecure SIP proxy's.



Is there anything I should/could do?

My firewall has always had PortFwding entries (5060 and 5061) for my ATA but restricted to the 2Talk IP's ... but Im guessing this was directed at 2Talk and not my connection (nothing showed in the my Tomato log files) ?

Just researching "Restrict Source IP" setting in the Linksys SPA.

20070 posts

Uber Geek
+1 received by user: 1667

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 538037 27-Oct-2011 09:24 Send private message

Restrict source IP should be enabled on all VoIP hardware if it supports it to prevent this occuring. Numerous Linksys/Cisco VoIP devices have also suffered from issues such as lockups with excessive inbound VoIP traffic such as these botnet scripts.

You can't enable this on 2Talk or iTalk as it'll prevent them from working due to inbound traffic originating from more than a single IP (ie not just their SIP proxy).

URI calling is a fantastic feature of the SIP protocol, enabling direct calling between SIP endpoints, but there are obvious security issues with this that you need to be aware of, especially with the rise of hackers trying to exploit insecure IP PBX's, particularly people running Asterisk who don't have a clue in the world how to secure it properly and think they're a VoIP expert because they got trixbox running in under 60 minutes.




270 posts

Ultimate Geek
+1 received by user: 1


  Reply # 538038 27-Oct-2011 09:25 Send private message

Got this reply from 2Talk (pretty quickly too)



This anonymous call was actually made from the PSTN. We are investigating why this is not showing up in the call records currently as it should be appearing in 2talk live. However, 2talk do NOT allow calls from the Internet into your 2talk number. The only way a call can come into your 2talk number is from the PSTN or another 2talk customer. We have deliberately avoided untrusted/anonymous calls from the Internet for these reasons.

Regards,
The team @ 2talk

Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Netflix officialy launching in NZ in March
Created by jarj, last reply by tdgeek on 21-Nov-2014 19:08 (97 replies)
Pages... 5 6 7


Current Netflix payment method as of Nov 14 - Cant pay
Created by andynz, last reply by n0exit on 24-Nov-2014 11:56 (24 replies)
Pages... 2


Click Monday Deals
Created by mrtoken, last reply by networkn on 24-Nov-2014 13:58 (23 replies)
Pages... 2


Gull Employment Dispute.
Created by networkn, last reply by richms on 24-Nov-2014 14:08 (89 replies)
Pages... 4 5 6


Slingshot line speed
Created by Frankiej45, last reply by Frankiej45 on 20-Nov-2014 14:38 (14 replies)

SEO spammers
Created by freitasm, last reply by xpd on 24-Nov-2014 14:04 (20 replies)
Pages... 2


Free 1gb data with $19 combo until end of Jan 2015 (1.5gb total)
Created by eXDee, last reply by JoshWright on 24-Nov-2014 12:09 (20 replies)
Pages... 2


SSD hard drive in aging HTPC disappointingly slow
Created by watman, last reply by joker97 on 23-Nov-2014 22:02 (20 replies)
Pages... 2



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.