Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




BDFL - Memuneh
64426 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

# 177836 15-Aug-2015 18:18
Send private message

I have a mynetfone number (Melbourne) configured as a second line on my Fritz!Box (with Snap). This is the default outgoing number - so we can have free calls to in-laws living in Melbourne and they can have local calls to us.

I noticed in my invoice this month three calls to Somalia (total $19) but the Fritz!Box call log doesn't show any activities on those dates.

I see the Fritz!Box has inbound port 5060 open. I have asked mynetfone to change our SIP password on the chance it could have been a brute force attempt or something else (a leak?)

Ideas?






Create new topic
203 posts

Master Geek


  # 1367090 15-Aug-2015 18:24
Send private message

Is mynetfone able to provide a report of the IP addresses that your account has registered from, or the source IPs of these particular calls?

Knowing that would assist you in deciding to focus on further local investigations (if it did come from your local Snap IP) or whether to simply focus on your account security (ie if the calls were from IP space far far away).

Pete


26 posts

Geek


  # 1367225 15-Aug-2015 22:57
Send private message

Haven't followed it because I don't have a Fritz but I suspect this will help:

http://forums.whirlpool.net.au/forum-replies.cfm?t=2433387

 
 
 
 


4171 posts

Uber Geek


  # 1367231 15-Aug-2015 23:20
Send private message

Fritz do an 'internal' port forward of 5060 to the gateway. I have always disabled it by editing the config file but it's all a bit of a screw around for most punters to muck around with. Probably one of the reasons WxC never picked them up as their certified hardware.

Was the password quite basic? Even if there was a brute force attack, with a decent password you should notice the traffic increase (although in reality i guess it would be relatively minimal) before they break the password.



BDFL - Memuneh
64426 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1367243 16-Aug-2015 00:14
Send private message

The Fritz is not accessible from outside my LAN. Sbiddle tested some calls through it but couldn't get anything past. When I mentioned "brute force" I didn't mean against the Fritz but against the mynetfone SIP server itself.

Alternatively, because there are only three calls listed on my mynetfone account I could even raise a billing problem - mynetfone put these three calls on my account but they didn't originate from my device as there are no records of activity on the day listed.

Worst case I can just close my account with mynetfone and that's it.





Mad Scientist
20734 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1367270 16-Aug-2015 09:14
Send private message

might be a long shot - some phone companies include sms and minutes to australia. and i believe Virgin (and Vodafone and maybe Optus) allows generous month "credits" to be used for international calls and sms




Involuntary autocorrect in operation on mobile device. Apologies in advance.


28199 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1367291 16-Aug-2015 09:21
Send private message

freitasm: The Fritz is not accessible from outside my LAN. Sbiddle tested some calls through it but couldn't get anything past. When I mentioned "brute force" I didn't mean against the Fritz but against the mynetfone SIP server itself.

Alternatively, because there are only three calls listed on my mynetfone account I could even raise a billing problem - mynetfone put these three calls on my account but they didn't originate from my device as there are no records of activity on the day listed.

Worst case I can just close my account with mynetfone and that's it.



Your Fritz!box SIP proxy is visible on port 5060 on your public IP, but a few very quick tests of trying to route calls via this failed.



 
 
 
 




BDFL - Memuneh
64426 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1367295 16-Aug-2015 09:35
Send private message

Thanks - and from what I read you can't really close that port. As I said, nothing showing in the logs...

Let's see what mynetfone support says about where the calls came from and if nothing then I will just close that account.





Mad Scientist
20734 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1367299 16-Aug-2015 09:43
Send private message

freitasm: Sorry, what's the relation to outgoing calls to Somalia?



If you closed your account with mynetfone this could be an alternative way of communicating with the in-laws If both parties have the right mobile service in their respective countries?




Involuntary autocorrect in operation on mobile device. Apologies in advance.




BDFL - Memuneh
64426 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1367932 17-Aug-2015 14:28
Send private message

Not sure yet how these calls happened but they have now put an international block on my line - which is ok since we only use it inside Australia.

Still interested to know if there is a flaw somewhere on these Fritz - sbiddle couldn't place a call from outside but not say someone knows of a vulnerability and used it. 






Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

OPPO Showcases New CameraX Capabilities at Google Developer Days China 2019
Posted 15-Sep-2019 12:42


New Zealand PC Market returns to growth
Posted 15-Sep-2019 12:24


Home sensor charity director speaks about the preventable death which drives her to push for healthy homes
Posted 11-Sep-2019 08:46


Te ao Maori Minecraft world set to inspire Kiwi students
Posted 11-Sep-2019 08:43


Research reveals The Power of Games in New Zealand
Posted 11-Sep-2019 08:40


Ring Door View Cam now available in New Zealand
Posted 11-Sep-2019 08:38


Vodafone NZ to create X Squad
Posted 10-Sep-2019 10:25


Huawei nova 5T to be available 20th September
Posted 5-Sep-2019 11:55


Kogan.com launches prepay challenger brand Kogan Mobile in New Zealand
Posted 3-Sep-2019 11:42


Pagan Online available now
Posted 27-Aug-2019 20:22


Starship hopes new app will help combat antibiotic resistance challenges
Posted 27-Aug-2019 19:43


Intel expands 10th Gen Intel Core Mobile processor family
Posted 23-Aug-2019 10:22


Digital innovation drives new investment provider
Posted 23-Aug-2019 08:29


Catalyst Cloud becomes a Kubernetes Certified Service Provider (KCSP)
Posted 23-Aug-2019 08:21


New AI legaltech product launched in New Zealand
Posted 21-Aug-2019 17:01



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.