[OpenSIPS-Users] Weird behaviour
Dave Singer
dave.singer at wideideas.com
Thu Feb 10 17:57:04 CET 2011
Adrian,
There are lots of people out there with servers doing sip scans to see
if an ip will respond to a sip ping (NOTIFY or OPTIONS message). Then
they will either try to send register and/or invites for all sorts of
numbers trying to get a hit. Of course the invites are not actual
calls so if the sip scanner gets an ATA, the customer answers the
phone and there is no one there. Depending on the scanner it may keep
trying through it's whole list of common sip source accounts. Then it
can get interesting. The scanner would then mark the IP as a success
and the hacker can then start trying to send calls through it. Though
likely they would try a call to something like a Home Depot number and
when the customer answers they just say sorry wrong number and mark
the IP off their list. Customer is left alone till the next scanner
comes sniffing.
So ATA's many times have settings for not answering calls from places
that shouldn't be sending them calls. The options are usually
something like "calls ok: from register server, from proxy server,
call to registered user, auth call" or similar.
See what you can find in the docs for that model.
Dave
On Thu, Feb 10, 2011 at 5:07 AM, Adrian Vasile <yoyo at opennet.ro> wrote:
> Hi,
> I attached the trace.
>
>
> why does the cisco spa ask for authorization?
> Thanks,
> Adrian Vasile
> yoyo at opennet.ro
>
> On Feb 10, 2011, at 12:42 PM, Laszlo wrote:
>
> Hi Adrian,
>
> 2011/2/10 Adrian Vasile <yoyo at opennet.ro>
>>
>> Hello all,
>>
>> Maybe it has happened to you too.. I've got a couple of cisco spa504g
>> everything is fine with them, registering, calling out, but there seems to
>> be a problem with the "calling in feature"..
>>
>> When I try to call the spa's all they return is 403 Forbidden. Any ideas
>> how I could remedy the situation?
>>
>
> Try to capture one call with ngrep, and post here the output.
> Use ngrep like this: ngrep 'xxx' port 5060 -Wbyline -q -dany -t >
> mytrace.txt
>
> (where xxx is the number/extension what you going to trace)
>
>
>
>>
>> Thanks,
>> Adrian Vasile
>> yoyo at opennet.ro
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
More information about the Users
mailing list