<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I know of these issues. And all client are either behind NAT either separate voice vlans.<div>As for securing the proxy. What methods either than Pike combined with fail2ban would you advise?<br><div><br></div><div><br></div><div>And I finally found the culprit. "Auth INVITE":</div><div>"<span class="Apple-style-span" style="font-size: 10px; ">When enabled, authorization is required for initial incoming INVITE requests from the SIP proxy."</span></div><div><span class="Apple-style-span" style="font-size: 10px; "><br></span></div><div>On Feb 10, 2011, at 6:57 PM, Dave Singer wrote:</div><div><div><br class="Apple-interchange-newline"><blockquote type="cite"><div>Adrian,<br><br>There are lots of people out there with servers doing sip scans to see<br>if an ip will respond to a sip ping (NOTIFY or OPTIONS message). Then<br>they will either try to send register and/or invites for all sorts of<br>numbers trying to get a hit. Of course the invites are not actual<br>calls so if the sip scanner gets an ATA, the customer answers the<br>phone and there is no one there. Depending on the scanner it may keep<br>trying through it's whole list of common sip source accounts. Then it<br>can get interesting. The scanner would then mark the IP as a success<br>and the hacker can then start trying to send calls through it. Though<br>likely they would try a call to something like a Home Depot number and<br>when the customer answers they just say sorry wrong number and mark<br>the IP off their list. Customer is left alone till the next scanner<br>comes sniffing.<br>So ATA's many times have settings for not answering calls from places<br>that shouldn't be sending them calls. The options are usually<br>something like "calls ok: from register server, from proxy server,<br>call to registered user, auth call" or similar.<br>See what you can find in the docs for that model.<br><br>Dave<br><br>On Thu, Feb 10, 2011 at 5:07 AM, Adrian Vasile <<a href="mailto:yoyo@opennet.ro">yoyo@opennet.ro</a>> wrote:<br><blockquote type="cite">Hi,<br></blockquote><blockquote type="cite">I attached the trace.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">why does the cisco spa ask for authorization?<br></blockquote><blockquote type="cite">Thanks,<br></blockquote><blockquote type="cite">Adrian Vasile<br></blockquote><blockquote type="cite"><a href="mailto:yoyo@opennet.ro">yoyo@opennet.ro</a><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">On Feb 10, 2011, at 12:42 PM, Laszlo wrote:<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Hi Adrian,<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">2011/2/10 Adrian Vasile <<a href="mailto:yoyo@opennet.ro">yoyo@opennet.ro</a>><br></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Hello all,<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Maybe it has happened to you too.. I've got a couple of cisco spa504g<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">everything is fine with them, registering, calling out, but there seems to<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">be a problem with the "calling in feature"..<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">When I try to call the spa's all they return is 403 Forbidden. Any ideas<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">how I could remedy the situation?<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Try to capture one call with ngrep, and post here the output.<br></blockquote><blockquote type="cite">Use ngrep like this: ngrep 'xxx' port 5060 -Wbyline -q -dany -t ><br></blockquote><blockquote type="cite">mytrace.txt<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">(where xxx is the number/extension what you going to trace)<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Thanks,<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Adrian Vasile<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a href="mailto:yoyo@opennet.ro">yoyo@opennet.ro</a><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">_______________________________________________<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Users mailing list<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br></blockquote></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">_______________________________________________<br></blockquote><blockquote type="cite">Users mailing list<br></blockquote><blockquote type="cite"><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br></blockquote><blockquote type="cite"><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">_______________________________________________<br></blockquote><blockquote type="cite">Users mailing list<br></blockquote><blockquote type="cite"><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br></blockquote><blockquote type="cite"><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><br>_______________________________________________<br>Users mailing list<br><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>http://lists.opensips.org/cgi-bin/mailman/listinfo/users<br></div></blockquote></div><br><div>
<div>Adrian Vasile</div><div><a href="mailto:yoyo@opennet.ro">yoyo@opennet.ro</a></div><div><br></div><br class="Apple-interchange-newline">
</div>
<br></div></div></body></html>