Re: [Linphone-developers] very strange behaviour of android app


From: Russell Treleaven
Subject: Re: [Linphone-developers] very strange behaviour of android app
Date: Wed, 30 Mar 2016 12:08:04 -0400

Your scenario does not mean that the Linphone app on the playmarket is hacked.
These calls are coming from some hacker using a tool called sipvicious.
Have you created an inbound firewall rule on your home firewall for your softphone?

Russell





On Wed, Mar 30, 2016 at 11:57 AM, Alex <address@hidden> wrote:
Hello,

Yesterday, I installed Linphone on an Android phone from Google Play. The
phone has stock firmware and is not rooted. I created a sip account to connect
Linphone to my office Asterisk (it's not faced to the Internet) and played with
it for a couple of hours in the office. Then went home.

This night at approx. 4am I started receiving calls from unknown numbers. I
dropped them but the calls came constantly. Finally I've sent logs to myself
(from About menu) and turned off Linphone.

Here is a snippet from the log:
...
2016-03-30 05:53:07:012 MESSAGE belle_sip_get_src_addr_for(): af_inet6=0
2016-03-30 05:53:07:013 MESSAGE Channel has local address 192.168.1.102:5060
2016-03-30 05:53:07:013 MESSAGE channel 0xabedf128: state READY
2016-03-30 05:53:07:013 MESSAGE udp_listening_point: new channel created to 23.239.65.172:5070
2016-03-30 05:53:07:015 MESSAGE bellesip_wake_lock_acquire(): Android wake lock acquired [ref=0x649008be]
2016-03-30 05:53:07:015 MESSAGE channel [0xabedf128]: starting recv background task with id=[649008be].
2016-03-30 05:53:07:016 MESSAGE channel [0xabedf128]: received [752] new bytes from [UDP://23.239.65.172:5070]:
INVITE sip:address@hidden SIP/2.0
To: 0972597740483<sip:address@hidden>
From: 2022<sip:address@hidden>;tag=c0456eb0
Via: SIP/2.0/UDP 23.239.65.172:5070;branch=z9hG4bK-0af3431b5b5e528f4bc7e81e5c8fd611;rport
Call-ID: 0af3431b5b5e528f4bc7e81e5c8fd611
CSeq: 1 INVITE
Contact: <sip:address@hidden:5070>
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, BYE
User-Agent: sipcli/v1.8
Content-Type: application/sdp
Content-Length: 282

v=0
o=sipcli-Session 424980921 1826714528 IN IP4 23.239.65.172
s=sipcli
c=IN IP4 23.239.65.172
t=0 0
m=audio 5073 RTP/AVP 18 0 8 101
a=fmtp:101 0-15
a=rtpmap:18 G729/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=ptime:20
a=sendrecv

2016-03-30 05:53:07:024 MESSAGE channel [0xabedf128] [470] bytes parsed
2016-03-30 05:53:07:024 MESSAGE channel [0xabedf128] read [282] bytes of body from [23.239.65.172:5070]
2016-03-30 05:53:07:026 MESSAGE Changing [server] [INVITE] transaction [0xab99f600], from state [INIT] to [PROCEEDING]
2016-03-30 05:53:07:027 MESSAGE channel [0xabedf128]: message sent to [UDP://23.239.65.172:5070], size: [280] bytes
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 23.239.65.172:5070;branch=z9hG4bK-0af3431b5b5e528f4bc7e81e5c8fd611;rport
From: "2022" <sip:address@hidden>;tag=c0456eb0
To: "0972597740483" <sip:address@hidden>
Call-ID: 0af3431b5b5e528f4bc7e81e5c8fd611
CSeq: 1 INVITE


2016-03-30 05:53:07:027 MESSAGE New server dialog [0xab743078] , local tag [], remote tag [c0456eb0]
2016-03-30 05:53:07:027 MESSAGE op [0xabd13df8] : set_or_update_dialog() current=[0x0] new=[0xab743078]
2016-03-30 05:53:07:027 MESSAGE new incoming call from ["2022" <sip:address@hidden>] to ["0972597740483" <sip:address@hidden>]
...

192.168.1.102 - is my ip address in my home wifi network
178.162.x.y   - is a public ip of my home wifi router

The full log is available at https://www.dropbox.com/s/nv6sece7whkgpw8/linphone.zip?dl=0

In the log you may find REGISTER requests to 172.26.1.242:5060 - it's my office
Asterisk which is inaccessible from home.

Can someone shed some light on what it was and how that could happen?

I see only one cause of this: the Linphone app on the playmarket is hacked. Is it?

--
Best regards,
Alex


_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers
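
An added example, not part of the original thread or of Linphone's code: a check over a Linphone log that flags INVITEs received from any address other than the SIP server the account registers to, which is the pattern in the log quoted above. The sample log is constructed in the format of that snippet, and the function names, the request URI and the scanner User-Agent list are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in the format of the log quoted above.
SAMPLE_LOG = """\
2016-03-30 05:53:07:016 MESSAGE channel [0xabedf128]: received [752] new bytes from [UDP://23.239.65.172:5070]:
INVITE sip:user@192.168.1.102 SIP/2.0
CSeq: 1 INVITE
User-Agent: sipcli/v1.8

2016-03-30 05:53:07:024 MESSAGE channel [0xabedf128] [470] bytes parsed
2016-03-30 06:10:00:000 MESSAGE channel [0xabedf200]: received [400] new bytes from [UDP://172.26.1.242:5060]:
INVITE sip:user@192.168.1.102 SIP/2.0
User-Agent: Example PBX
"""

RECV = re.compile(r"^(\S+ \S+) MESSAGE channel \[0x[0-9a-f]+\]: received \[\d+\] "
                  r"new bytes from \[\w+://(\d+\.\d+\.\d+\.\d+):\d+\]:$")
LOG_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d:\d{3} ")
# sipcli is the User-Agent in the quoted log; friendly-scanner is SIPVicious's default.
SCANNER_UA = re.compile(r"sipcli|sipvicious|friendly-scanner", re.I)

def parse_received(log_text):
    """Return one dict per SIP message the log records as received (IPv4 only)."""
    messages, cur = [], None
    for line in log_text.splitlines():
        m = RECV.match(line)
        if m:
            cur = {"time": m.group(1), "src": m.group(2),
                   "start_line": None, "user_agent": ""}
            messages.append(cur)
        elif LOG_LINE.match(line):
            cur = None  # an ordinary log line ends the dumped SIP message
        elif cur is not None:
            if cur["start_line"] is None:
                cur["start_line"] = line.strip()
            elif line.lower().startswith("user-agent:"):
                cur["user_agent"] = line.split(":", 1)[1].strip()
    return messages

def unsolicited_invites(log_text, trusted_peers):
    """INVITEs whose source is not a trusted peer; the UA match is only a hint."""
    trusted = {ipaddress.ip_address(p) for p in trusted_peers}
    hits = []
    for msg in parse_received(log_text):
        is_invite = (msg["start_line"] or "").startswith("INVITE ")
        if is_invite and ipaddress.ip_address(msg["src"]) not in trusted:
            msg["known_scanner_ua"] = bool(SCANNER_UA.search(msg["user_agent"]))
            hits.append(msg)
    return hits
```

The source-address test is the primary signal, because the User-Agent header is set by the sender and can be anything.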

