ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Linphone Ghost Calls

    Scheduled Pinned Locked Moved IT Discussion
    21 Posts 6 Posters 5.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @alexntg
      last edited by

      @alexntg said:

      @scottalanmiller said:

      @alexntg said:

      Sounds like SipVicious. allowing only end-user subnets to access your SIP interface should fix that issue.

      It's a phone, you can't really do that. But it is not externally available, so it must be being accessed by the local subnet.

      I'm referring to the SIP interface on your phone system. Lock the firewall down to only the IP addresses of the clients that register with it (or subnets if they're dynamic). That way, the attacker won't be able to send the call over. The only other explanation is that you have your SIP ports exposed and NATted directly to your phone, which really shouldn't be necessary for normal operation.

      Neither. The call is not coming from the PBX nor are any ports forwarded. It has to be coming off of the local LAN.

      alexntgA 1 Reply Last reply Reply Quote 0
      • alexntgA
        alexntg @scottalanmiller
        last edited by

        @scottalanmiller said:

        @alexntg said:

        @scottalanmiller said:

        @alexntg said:

        Sounds like SipVicious. allowing only end-user subnets to access your SIP interface should fix that issue.

        It's a phone, you can't really do that. But it is not externally available, so it must be being accessed by the local subnet.

        I'm referring to the SIP interface on your phone system. Lock the firewall down to only the IP addresses of the clients that register with it (or subnets if they're dynamic). That way, the attacker won't be able to send the call over. The only other explanation is that you have your SIP ports exposed and NATted directly to your phone, which really shouldn't be necessary for normal operation.

        Neither. The call is not coming from the PBX nor are any ports forwarded. It has to be coming off of the local LAN.

        Is this the NTG phone system?

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller
          last edited by

          It's my desk phone. So yes.

          alexntgA 1 Reply Last reply Reply Quote 0
          • alexntgA
            alexntg @scottalanmiller
            last edited by

            @scottalanmiller said:

            It's my desk phone. So yes.

            It's likely not your phone, but the phone system instead. Other users have experienced the same thing. The only other thing it could be is multiple users swiss-cheesing their firewalls via UPnP.

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @alexntg
              last edited by

              @alexntg said:

              @scottalanmiller said:

              It's my desk phone. So yes.

              It's likely not your phone, but the phone system instead. Other users have experienced the same thing. The only other thing it could be is multiple users swiss-cheesing their firewalls via UPnP.

              Where is that getting reported? I've not seen any tickets about that.

              alexntgA 1 Reply Last reply Reply Quote 0
              • DominicaD
                Dominica
                last edited by

                I hope you figure this out soon. It's incredibly annoying to have that phone ring every 30 minutes.

                1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender
                  last edited by

                  is something on your network doing a regular scan?

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @Dashrender
                    last edited by

                    @Dashrender said:

                    is something on your network doing a regular scan?

                    Nope

                    DashrenderD 1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender @scottalanmiller
                      last edited by

                      @scottalanmiller said:

                      @Dashrender said:

                      is something on your network doing a regular scan?

                      Nope

                      any chance you can run a wireshark or other packet scan on things going to the phone to see if you can tell where it's coming from?

                      1 Reply Last reply Reply Quote 0
                      • alexntgA
                        alexntg @scottalanmiller
                        last edited by

                        @scottalanmiller said:

                        @alexntg said:

                        @scottalanmiller said:

                        It's my desk phone. So yes.

                        It's likely not your phone, but the phone system instead. Other users have experienced the same thing. The only other thing it could be is multiple users swiss-cheesing their firewalls via UPnP.

                        Where is that getting reported? I've not seen any tickets about that.

                        @FiyaFly had it happen a while back.

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller
                          last edited by

                          Hmmm. I'll have him add a ticket so that we are collecting info on it.

                          1 Reply Last reply Reply Quote 0
                          • AmbarishrhA
                            Ambarishrh
                            last edited by

                            Not sure if you have the same issue, but I had this problem on our PBX server when I was using Trixbox. It was annoying that the front desk phone rings like 50 times a day and after logging a ticket with Trixbox they said its a hacking attempt due to the ports opened for remote sip phones for my branch offices. One advice from them was to only whitelist the branch office IP and check, that didn't really helped much.

                            I setup fail2ban which even though was not supported by trixbox, after installing that and some trial and errors, the ghost calls stopped. Then we got migrated to our parent PBX server, so its not my headache anymore! 🙂

                            1 Reply Last reply Reply Quote 0
                            • 1
                            • 2
                            • 1 / 2
                            • First post
                              Last post