Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsVoIPToll Fraud
sofistek

95 posts

Master Geek
+1 received by user: 8


#204719 14-Oct-2016 11:43
Send private message

I've recently had my 2talk automatically block international calls a couple of times. There have been occasions when multiple calls were apparently made to odd locations at, sometimes, odd times (for either the destination or the source). Many of the numbers seem to be doubtful valid numbers (in one case two were the same apart from one had a country code prefixed).

 

2talk are claiming it's tall fraud but I just don't see it. most calls didn't cost anything and a couple, that did connect, overlapped, from and to the same numbers. Most that connected were very short and the rapidity with which the calls were made just didn't seem possible (except maybe with software, but to what end?).

 

Does it seem reasonable that 2talk's explanation is valid, or is it more likely that their call record system is going bananas every so often?

 

They've suggested I get a new router, but for what reason I don't know.

 

Discussions ongoing, but all comments welcome.




Tony

Create new topic

This is a filtered page: currently showing replies marked as answers. Click here to see full discussion.

ubergeeknz
3344 posts

Uber Geek
+1 received by user: 1041

Trusted
Vocus

  #1651271 14-Oct-2016 19:59
Send private message

 

 

 

Thanks for responding. I have a Netcomm NF4V. As for whether it's secure or not, well, I had unwittingly left a couple of the default user names and passwords unchanged (I didn't realise they were accessible from outside) but have since corrected that, though anyone connecting wouldn't necessarily know that I'm using an NF4V. The ports 8080 and 5060 are apparently open from the outside but no others. 8080 gives access to the router (I'm using 80 for port forwarding, from time to time, which doesn't access the router, is rarely available anyway and requires user password to get to the service that provides). 5060 is also open but I can't yet figure out the firewall rules to block that (and block 8080, as I don't need access to the router from outside). I may raise another topic to ask about firewall rules if I can't figure it out.

 

However, as I say, the pattern of fraud calls seems almost random but occasionally apparently connects with an expensive location, so I've lost a few dollars so far, even though connections aren't long enough for a conversation or even some kind of data transfer. Although 2talk say this kind of thing is a common precursor to later expensive abuse of my account, I just don't know for sure if these are bona fide fake calls or a glitch with 2talk itself.

 

 

You need to reset your 2talk password.

 

If you had remote access open on your router (whatever the password) then there's a very good chance that the SIP credentials have been extracted.  The attackers will then use those credentials to make calls on your tab (and yes, they use software).

 

It's a very common attack.

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright