ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Linphone Ghost Calls

    Scheduled Pinned Locked Moved IT Discussion
    21 Posts 6 Posters 5.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @J1MM3RT
      last edited by

      @J1MM3RT said:

      just found this on the googles: http://www.dslreports.com/forum/r28035253-Receiving-calls-from-name-number-100-that-don-t-get-logged

      Hmmm... that would suggest that the scanner is on my local network as there are no ports forwarded or open on the hardware firewall. Hmm...

      J 1 Reply Last reply Reply Quote 0
      • J
        J1MM3RT @scottalanmiller
        last edited by

        @scottalanmiller There is also this looks to reiterate the same thing but more clear compared to the other thread. http://forums.whirlpool.net.au/archive/1977342
        Other than that the rest of the sites I've seen all pretty much point to it being a scanner of some sort.

        1 Reply Last reply Reply Quote 0
        • J
          J1MM3RT
          last edited by

          Just got in today & was wondering if there was any luck figuring this out?

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller
            last edited by

            No, worked till late last night then hung out with my dad who is visiting from out of town. Got up and went straight to a state park with the family this morning and just got back to the house. Haven't even turned the phone on yet.

            1 Reply Last reply Reply Quote 0
            • alexntgA
              alexntg
              last edited by

              Sounds like SipVicious. allowing only end-user subnets to access your SIP interface should fix that issue.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @alexntg
                last edited by

                @alexntg said:

                Sounds like SipVicious. allowing only end-user subnets to access your SIP interface should fix that issue.

                It's a phone, you can't really do that. But it is not externally available, so it must be being accessed by the local subnet.

                alexntgA 1 Reply Last reply Reply Quote 0
                • alexntgA
                  alexntg @scottalanmiller
                  last edited by

                  @scottalanmiller said:

                  @alexntg said:

                  Sounds like SipVicious. allowing only end-user subnets to access your SIP interface should fix that issue.

                  It's a phone, you can't really do that. But it is not externally available, so it must be being accessed by the local subnet.

                  I'm referring to the SIP interface on your phone system. Lock the firewall down to only the IP addresses of the clients that register with it (or subnets if they're dynamic). That way, the attacker won't be able to send the call over. The only other explanation is that you have your SIP ports exposed and NATted directly to your phone, which really shouldn't be necessary for normal operation.

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @alexntg
                    last edited by

                    @alexntg said:

                    @scottalanmiller said:

                    @alexntg said:

                    Sounds like SipVicious. allowing only end-user subnets to access your SIP interface should fix that issue.

                    It's a phone, you can't really do that. But it is not externally available, so it must be being accessed by the local subnet.

                    I'm referring to the SIP interface on your phone system. Lock the firewall down to only the IP addresses of the clients that register with it (or subnets if they're dynamic). That way, the attacker won't be able to send the call over. The only other explanation is that you have your SIP ports exposed and NATted directly to your phone, which really shouldn't be necessary for normal operation.

                    Neither. The call is not coming from the PBX nor are any ports forwarded. It has to be coming off of the local LAN.

                    alexntgA 1 Reply Last reply Reply Quote 0
                    • alexntgA
                      alexntg @scottalanmiller
                      last edited by

                      @scottalanmiller said:

                      @alexntg said:

                      @scottalanmiller said:

                      @alexntg said:

                      Sounds like SipVicious. allowing only end-user subnets to access your SIP interface should fix that issue.

                      It's a phone, you can't really do that. But it is not externally available, so it must be being accessed by the local subnet.

                      I'm referring to the SIP interface on your phone system. Lock the firewall down to only the IP addresses of the clients that register with it (or subnets if they're dynamic). That way, the attacker won't be able to send the call over. The only other explanation is that you have your SIP ports exposed and NATted directly to your phone, which really shouldn't be necessary for normal operation.

                      Neither. The call is not coming from the PBX nor are any ports forwarded. It has to be coming off of the local LAN.

                      Is this the NTG phone system?

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller
                        last edited by

                        It's my desk phone. So yes.

                        alexntgA 1 Reply Last reply Reply Quote 0
                        • alexntgA
                          alexntg @scottalanmiller
                          last edited by

                          @scottalanmiller said:

                          It's my desk phone. So yes.

                          It's likely not your phone, but the phone system instead. Other users have experienced the same thing. The only other thing it could be is multiple users swiss-cheesing their firewalls via UPnP.

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @alexntg
                            last edited by

                            @alexntg said:

                            @scottalanmiller said:

                            It's my desk phone. So yes.

                            It's likely not your phone, but the phone system instead. Other users have experienced the same thing. The only other thing it could be is multiple users swiss-cheesing their firewalls via UPnP.

                            Where is that getting reported? I've not seen any tickets about that.

                            alexntgA 1 Reply Last reply Reply Quote 0
                            • DominicaD
                              Dominica
                              last edited by

                              I hope you figure this out soon. It's incredibly annoying to have that phone ring every 30 minutes.

                              1 Reply Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender
                                last edited by

                                is something on your network doing a regular scan?

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @Dashrender
                                  last edited by

                                  @Dashrender said:

                                  is something on your network doing a regular scan?

                                  Nope

                                  DashrenderD 1 Reply Last reply Reply Quote 0
                                  • DashrenderD
                                    Dashrender @scottalanmiller
                                    last edited by

                                    @scottalanmiller said:

                                    @Dashrender said:

                                    is something on your network doing a regular scan?

                                    Nope

                                    any chance you can run a wireshark or other packet scan on things going to the phone to see if you can tell where it's coming from?

                                    1 Reply Last reply Reply Quote 0
                                    • alexntgA
                                      alexntg @scottalanmiller
                                      last edited by

                                      @scottalanmiller said:

                                      @alexntg said:

                                      @scottalanmiller said:

                                      It's my desk phone. So yes.

                                      It's likely not your phone, but the phone system instead. Other users have experienced the same thing. The only other thing it could be is multiple users swiss-cheesing their firewalls via UPnP.

                                      Where is that getting reported? I've not seen any tickets about that.

                                      @FiyaFly had it happen a while back.

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller
                                        last edited by

                                        Hmmm. I'll have him add a ticket so that we are collecting info on it.

                                        1 Reply Last reply Reply Quote 0
                                        • AmbarishrhA
                                          Ambarishrh
                                          last edited by

                                          Not sure if you have the same issue, but I had this problem on our PBX server when I was using Trixbox. It was annoying that the front desk phone rings like 50 times a day and after logging a ticket with Trixbox they said its a hacking attempt due to the ports opened for remote sip phones for my branch offices. One advice from them was to only whitelist the branch office IP and check, that didn't really helped much.

                                          I setup fail2ban which even though was not supported by trixbox, after installing that and some trial and errors, the ghost calls stopped. Then we got migrated to our parent PBX server, so its not my headache anymore! 🙂

                                          1 Reply Last reply Reply Quote 0
                                          • 1
                                          • 2
                                          • 2 / 2
                                          • First post
                                            Last post