



BDFL - Memuneh
64241 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

# 177836 15-Aug-2015 18:18

I have a mynetfone number (Melbourne) configured as a second line on my Fritz!Box (with Snap). This is the default outgoing number - so we can have free calls to in-laws living in Melbourne and they can have local calls to us.

I noticed in my invoice this month three calls to Somalia (total $19) but the Fritz!Box call log doesn't show any activities on those dates.

I see the Fritz!Box has inbound port 5060 open. I have asked mynetfone to change our SIP password on the chance it could have been a brute force attempt or something else (a leak?)

Ideas?






200 posts

Master Geek


  # 1367090 15-Aug-2015 18:24

Is mynetfone able to provide a report of the IP addresses that your account has registered from, or the source IPs of these particular calls?

Knowing that would assist you in deciding to focus on further local investigations (if it did come from your local Snap IP) or whether to simply focus on your account security (i.e. if the calls were from IP space far far away).

Pete
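The triage suggested in the post above, sketched as an added example that is not part of the original thread: billed calls are matched against the local device's call log and against the source IP the provider reports. The record layouts, numbers and IP addresses are constructed, and the layouts are hypothetical rather than mynetfone's or the Fritz!Box's real export formats.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# All records below are constructed sample data in a hypothetical, simplified layout.
HOME_NETS = [ip_network("203.0.113.10/32")]  # assumed: your public IP(s) for the period
LOCAL_LOG = [  # outgoing calls recorded by the local device: (start, dialled number)
    ("2015-07-03 19:02", "+61390000001"),
    ("2015-07-11 08:45", "+61390000002"),
]
PROVIDER_CDR = [  # calls billed by the provider: (start, dialled number, source IP or None)
    ("2015-07-03 19:03", "+61390000001", "203.0.113.10"),
    ("2015-07-09 02:14", "+252000000001", "198.51.100.77"),
    ("2015-07-09 02:31", "+252000000002", "198.51.100.77"),
    ("2015-07-11 08:45", "+61390000002", None),
    ("2015-07-12 03:05", "+252000000003", "203.0.113.10"),
]
TOLERANCE = timedelta(minutes=2)  # clock skew allowed between the two logs


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def in_local_log(start, number, local_log):
    """True if the device logged a call to the same number at about the same time."""
    return any(n == number and abs(_ts(t) - start) <= TOLERANCE for t, n in local_log)


def classify(cdr, local_log, home_nets):
    """Label each billed call by where the evidence points."""
    results = []
    for t, number, src in cdr:
        if in_local_log(_ts(t), number, local_log):
            verdict = "ok"                   # device and provider agree
        elif src is None:
            verdict = "unknown-source"       # ask the provider for the source IP
        elif any(ip_address(src) in net for net in home_nets):
            verdict = "local-investigation"  # came from your IP, yet not in the device log
        else:
            verdict = "account-compromise"   # credentials used from elsewhere
        results.append((t, number, verdict))
    return results


if __name__ == "__main__":
    for row in classify(PROVIDER_CDR, LOCAL_LOG, HOME_NETS):
        print(*row)
```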


26 posts

Geek


  # 1367225 15-Aug-2015 22:57

Haven't followed it because I don't have a Fritz but I suspect this will help:

http://forums.whirlpool.net.au/forum-replies.cfm?t=2433387

 
 
 
 


4132 posts

Uber Geek


  # 1367231 15-Aug-2015 23:20

Fritz do an 'internal' port forward of 5060 to the gateway. I have always disabled it by editing the config file but it's all a bit of a screw around for most punters to muck around with. Probably one of the reasons WxC never picked them up as their certified hardware.

Was the password quite basic? Even if there was a brute force attack, with a decent password you should notice the traffic increase (although in reality I guess it would be relatively minimal) before they break the password.



BDFL - Memuneh
64241 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1367243 16-Aug-2015 00:14

The Fritz is not accessible from outside my LAN. Sbiddle tested some calls through it but couldn't get anything past. When I mentioned "brute force" I didn't mean against the Fritz but against the mynetfone SIP server itself.

Alternatively, because there are only three calls listed on my mynetfone account I could even raise a billing problem - mynetfone put these three calls on my account but they didn't originate from my device as there are no records of activity on the day listed.

Worst case I can just close my account with mynetfone and that's it.





Mad Scientist
20663 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1367270 16-Aug-2015 09:14

Might be a long shot - some phone companies include SMS and minutes to Australia. And I believe Virgin (and Vodafone and maybe Optus) allows generous monthly "credits" to be used for international calls and SMS.




Involuntary autocorrect in operation on mobile device. Apologies in advance.


28132 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1367291 16-Aug-2015 09:21

freitasm: The Fritz is not accessible from outside my LAN. Sbiddle tested some calls through it but couldn't get anything past. When I mentioned "brute force" I didn't mean against the Fritz but against the mynetfone SIP server itself.

Alternatively, because there are only three calls listed on my mynetfone account I could even raise a billing problem - mynetfone put these three calls on my account but they didn't originate from my device as there are no records of activity on the day listed.

Worst case I can just close my account with mynetfone and that's it.



Your Fritz!box SIP proxy is visible on port 5060 on your public IP, but a few very quick tests of trying to route calls via this failed.



 
 
 
 




BDFL - Memuneh
64241 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1367295 16-Aug-2015 09:35

Thanks - and from what I read you can't really close that port. As I said, nothing showing in the logs...

Let's see what mynetfone support says about where the calls came from and if nothing then I will just close that account.





Mad Scientist
20663 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1367299 16-Aug-2015 09:43

freitasm: Sorry, what's the relation to outgoing calls to Somalia?



If you closed your account with mynetfone this could be an alternative way of communicating with the in-laws, if both parties have the right mobile service in their respective countries?




Involuntary autocorrect in operation on mobile device. Apologies in advance.




BDFL - Memuneh
64241 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1367932 17-Aug-2015 14:28

Not sure yet how these calls happened but they have now put an international block on my line - which is ok since we only use it inside Australia.

Still interested to know if there is a flaw somewhere on these Fritz - sbiddle couldn't place a call from outside but not say someone knows of a vulnerability and used it. 





