linphone-developers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] issue with constant calls from "1" or "++++"

From: Jason Manley
Subject: Re: [Linphone-developers] issue with constant calls from "1" or "++++"
Date: Mon, 27 Aug 2018 17:53:45 -0500 
Hello, just following up on this. I happened to change my settings to
use TCP instead of UDP, and restarted linphone a couple of times. I
still sometimes get the calls from 1001 ( sip:address@hidden ).
Perhaps this is an issue I should take up with the voip provider (1-
voip)?

On Wed, 2018-08-15 at 17:04 -0400, Russell Treleaven wrote:
> every reachable sip user agent is a hacking target.
> 
> 
> On Wed, Aug 15, 2018 at 4:54 PM, Robert Phair <address@hidden>
> wrote:
> > thanks Russell... then I guess it is moving to a new house, new
> > broadband router & Internet connection that caused the change.  I
> > don't think this SIP connection is a hacking target but there may
> > be rogue software on other computers here.  I'll change over to TCP
> > if possible and see if that prevents the problem.  thanks /robert
> > On 15/08/18 15:41, Russell Treleaven wrote:
> > > 
https://en.wikipedia.org/wiki/Network_address_translation#Methods_of_translation
> > > 
> > > If you are using UDP for signalling its easier to get through the
> > > firewall.
> > > The hacker can spoof his source address and port address to
> > > appear as your ITSP.
> > > 
> > > A UDP state-full pinhole is typically just kept open by a timer.
> > > Your outbound UDP packet creates a pinhole and it is kept open by
> > > a timer of $n seconds which is reset by any packet sent or
> > > received that match the pinhole.
> > > The hacker does not need to get any response from you to make
> > > your phone ring.
> > > 
> > > A TCP state-full pinhole can be a bit more sophisticated because
> > > it can use the connection establishment and connection
> > > termination features of TCP to be smarter about establishing and
> > > destroying the pinhole.
> > > 
> > > With TCP its harder for hacker to spoof his source address as the
> > > TCP handshake 
> > > https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment
> > >  must take place before the INVITE can make it up the network
> > > stack to your sip user agent.
> > > 
> > > Robert it could be...
> > > -your edge device is using a less restrictive form of nat.
> > > -or the hacker is spoofing their source address and source port
> > > to appear like your ITSP
> > > -or the attack is coming from within your network
> > > -or you have inbound rules on your edge device
> > > -something else I have not thought of
> > > 
> > > Suggest you use TCP if your ITSP supports it.
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > On Wed, Aug 15, 2018 at 2:05 PM, Robert Phair <address@hidden>
> > > wrote:
> > > > What should we do if we see this problem without ever having
> > > > created any firewall rules?  I am seeing this myself with a
> > > > generic setup: default settings with one registered SIP
> > > > provider having "1000" as an extension.  Incoming calls at 1
> > > > minute intervals from "1000" in place of the "1" and "++++" in
> > > > original report.
> > > > I've had 4.1.1 installed (on Ubuntu 18.04) for a couple weeks
> > > > now, but only saw this problem after my first incoming call was
> > > > received.  I would love to hear the further info that @Russell
> > > > was suggesting.  Note the problem has gone away after
> > > > restarting Linphone a couple of times (once wasn't enough).
> > > > On 13/08/18 22:44, Russell Treleaven wrote:
> > > > > Sounds like you have created inbound firewall rules. For your
> > > > > usage model those usually not required.
> > > > > Would explain more but typing with one thumb.
> > > > > 
> > > > > On Mon, Aug 13, 2018, 10:40 PM Jason Manley <
> > > > > address@hidden> wrote:
> > > > > > When linphone is running, I am getting constant calls
> > > > > > (about once per
> > > > > > minute) from numbers such as "1" and "++++" and can't find
> > > > > > anything in
> > > > > > settings, nor any documentation as to how to turn this off.
> > > > > > This
> > > > > > happens whether I am connected to a SIP provider or not.
> > > > > > 
> > > > > > 
> > > > > > _______________________________________________
> > > > > > Linphone-developers mailing list
> > > > > > address@hidden
> > > > > > 
https://lists.nongnu.org/mailman/listinfo/linphone-developers
> > > > > > 
> > > > > 
> > > > > 
> > > > > _______________________________________________
> > > > > Linphone-developers mailing list
> > > > > address@hidden
> > > > > https://lists.nongnu.org/mailman/listinfo/linphone-developers
> > > >  
> > > > 
> > > > _______________________________________________
> > > > Linphone-developers mailing list
> > > > address@hidden
> > > > https://lists.nongnu.org/mailman/listinfo/linphone-developers
> > > > 
> > > > 
> > > 
> > > 
> > > 
> > > -- 
> > > Sincerely,
> > > 
> > > Russell Treleaven
> > > sip:address@hidden;transport=tcp
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > Linphone-developers mailing list
> > > address@hidden
> > > https://lists.nongnu.org/mailman/listinfo/linphone-developers
> >  
> > 
> > _______________________________________________
> > Linphone-developers mailing list
> > address@hidden
> > https://lists.nongnu.org/mailman/listinfo/linphone-developers
> > 
> 
> 
> 
> _______________________________________________
> Linphone-developers mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/linphone-developers
reply via email to
[Prev in Thread] Current Thread [Next in Thread]