ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Linphone Ghost Calls

    Scheduled Pinned Locked Moved IT Discussion
    21 Posts 6 Posters 5.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • alexntgA
      alexntg
      last edited by

      Sounds like SipVicious. allowing only end-user subnets to access your SIP interface should fix that issue.

      scottalanmillerS 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @alexntg
        last edited by

        @alexntg said:

        Sounds like SipVicious. allowing only end-user subnets to access your SIP interface should fix that issue.

        It's a phone, you can't really do that. But it is not externally available, so it must be being accessed by the local subnet.

        alexntgA 1 Reply Last reply Reply Quote 0
        • alexntgA
          alexntg @scottalanmiller
          last edited by

          @scottalanmiller said:

          @alexntg said:

          Sounds like SipVicious. allowing only end-user subnets to access your SIP interface should fix that issue.

          It's a phone, you can't really do that. But it is not externally available, so it must be being accessed by the local subnet.

          I'm referring to the SIP interface on your phone system. Lock the firewall down to only the IP addresses of the clients that register with it (or subnets if they're dynamic). That way, the attacker won't be able to send the call over. The only other explanation is that you have your SIP ports exposed and NATted directly to your phone, which really shouldn't be necessary for normal operation.

          scottalanmillerS 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @alexntg
            last edited by

            @alexntg said:

            @scottalanmiller said:

            @alexntg said:

            Sounds like SipVicious. allowing only end-user subnets to access your SIP interface should fix that issue.

            It's a phone, you can't really do that. But it is not externally available, so it must be being accessed by the local subnet.

            I'm referring to the SIP interface on your phone system. Lock the firewall down to only the IP addresses of the clients that register with it (or subnets if they're dynamic). That way, the attacker won't be able to send the call over. The only other explanation is that you have your SIP ports exposed and NATted directly to your phone, which really shouldn't be necessary for normal operation.

            Neither. The call is not coming from the PBX nor are any ports forwarded. It has to be coming off of the local LAN.

            alexntgA 1 Reply Last reply Reply Quote 0
            • alexntgA
              alexntg @scottalanmiller
              last edited by

              @scottalanmiller said:

              @alexntg said:

              @scottalanmiller said:

              @alexntg said:

              Sounds like SipVicious. allowing only end-user subnets to access your SIP interface should fix that issue.

              It's a phone, you can't really do that. But it is not externally available, so it must be being accessed by the local subnet.

              I'm referring to the SIP interface on your phone system. Lock the firewall down to only the IP addresses of the clients that register with it (or subnets if they're dynamic). That way, the attacker won't be able to send the call over. The only other explanation is that you have your SIP ports exposed and NATted directly to your phone, which really shouldn't be necessary for normal operation.

              Neither. The call is not coming from the PBX nor are any ports forwarded. It has to be coming off of the local LAN.

              Is this the NTG phone system?

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller
                last edited by

                It's my desk phone. So yes.

                alexntgA 1 Reply Last reply Reply Quote 0
                • alexntgA
                  alexntg @scottalanmiller
                  last edited by

                  @scottalanmiller said:

                  It's my desk phone. So yes.

                  It's likely not your phone, but the phone system instead. Other users have experienced the same thing. The only other thing it could be is multiple users swiss-cheesing their firewalls via UPnP.

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @alexntg
                    last edited by

                    @alexntg said:

                    @scottalanmiller said:

                    It's my desk phone. So yes.

                    It's likely not your phone, but the phone system instead. Other users have experienced the same thing. The only other thing it could be is multiple users swiss-cheesing their firewalls via UPnP.

                    Where is that getting reported? I've not seen any tickets about that.

                    alexntgA 1 Reply Last reply Reply Quote 0
                    • DominicaD
                      Dominica
                      last edited by

                      I hope you figure this out soon. It's incredibly annoying to have that phone ring every 30 minutes.

                      1 Reply Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender
                        last edited by

                        is something on your network doing a regular scan?

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @Dashrender
                          last edited by

                          @Dashrender said:

                          is something on your network doing a regular scan?

                          Nope

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @scottalanmiller
                            last edited by

                            @scottalanmiller said:

                            @Dashrender said:

                            is something on your network doing a regular scan?

                            Nope

                            any chance you can run a wireshark or other packet scan on things going to the phone to see if you can tell where it's coming from?

                            1 Reply Last reply Reply Quote 0
                            • alexntgA
                              alexntg @scottalanmiller
                              last edited by

                              @scottalanmiller said:

                              @alexntg said:

                              @scottalanmiller said:

                              It's my desk phone. So yes.

                              It's likely not your phone, but the phone system instead. Other users have experienced the same thing. The only other thing it could be is multiple users swiss-cheesing their firewalls via UPnP.

                              Where is that getting reported? I've not seen any tickets about that.

                              @FiyaFly had it happen a while back.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller
                                last edited by

                                Hmmm. I'll have him add a ticket so that we are collecting info on it.

                                1 Reply Last reply Reply Quote 0
                                • AmbarishrhA
                                  Ambarishrh
                                  last edited by

                                  Not sure if you have the same issue, but I had this problem on our PBX server when I was using Trixbox. It was annoying that the front desk phone rings like 50 times a day and after logging a ticket with Trixbox they said its a hacking attempt due to the ports opened for remote sip phones for my branch offices. One advice from them was to only whitelist the branch office IP and check, that didn't really helped much.

                                  I setup fail2ban which even though was not supported by trixbox, after installing that and some trial and errors, the ghost calls stopped. Then we got migrated to our parent PBX server, so its not my headache anymore! 🙂

                                  1 Reply Last reply Reply Quote 0
                                  • 1
                                  • 2
                                  • 1 / 2
                                  • First post
                                    Last post