[Linphone-users] Strange packets & forged incoming calls
From: Pierre Fortin
Subject: [Linphone-users] Strange packets & forged incoming calls
Date: Thu, 28 Jan 2016 22:12:18 -0500
Hi,
New to linphone, and I'm wondering why I'm seeing packets going to
various sites (see below). When I first start linphone, after initial
registration, there is no network traffic. At some point linphone
starts sending out[1] packets to a remote site every 10 seconds. Over
time, another remote site is added to the list; then later, another,
etc...
As I write this, the list of remote sites has grown to 18. Then,
after some time, I start getting calls with forged origins -- they appear
as a call from address@hidden
I previously posted a way to block these bogus calls; but it's beginning
to appear that it may become a whack-a-mole solution. The most recent
bogus calls are coming in at a rate of one a minute...
Anyone have an idea what could be going on?
Thanks,
Pierre
[1] I don't believe my system is responding to external stimulus every 10
seconds because the below list of packets is sent within <1 ms, always in
the same order.
[2] So far, NNNN has been 1101, 1001 & 2022.
The packets only differ in:
- destination IP & port
- checksums
- ID
The packets look like this:
Frame 1: 46 bytes on wire (368 bits), 46 bytes captured (368 bits) on interface 0
Interface id: 0 (wlp3s0)
Encapsulation type: Ethernet (1)
Arrival Time: Jan 28, 2016 18:48:56.790976833 EST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1454024936.790976833 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 46 bytes (368 bits)
Capture Length: 46 bytes (368 bits)
[Frame is marked: True]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:data]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: IntelCor_ad:3b:71 (a0:a8:cd:ad:3b:71), Dst: BuffaloI_4c:b7:3c (dc:fb:02:4c:b7:3c)
Destination: BuffaloI_4c:b7:3c (dc:fb:02:4c:b7:3c)
Address: BuffaloI_4c:b7:3c (dc:fb:02:4c:b7:3c)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: IntelCor_ad:3b:71 (a0:a8:cd:ad:3b:71)
Address: IntelCor_ad:3b:71 (a0:a8:cd:ad:3b:71)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.14, Dst: 188.138.118.21
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes
Differentiated Services Field: 0x68 (DSCP: AF31, ECN: Not-ECT)
0110 10.. = Differentiated Services Codepoint: Assured Forwarding 31 (26)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 32
Identification: 0x7864 (30820)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0xcdaa [validation disabled]
[Good: False]
[Bad: False]
Source: 192.168.1.14
Destination: 188.138.118.21
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5110 (5110)
Source Port: 5060
Destination Port: 5110 <== different per site
Length: 12
Checksum: 0xc9b1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[Stream index: 0]
Data (4 bytes)
Data: 0d0a0d0a
[Length: 4]
0000 dc fb 02 4c b7 3c a0 a8 cd ad 3b 71 08 00 45 68 ...L.<....;q..Eh
0010 00 20 78 64 40 00 40 11 cd aa c0 a8 01 0e bc 8a . xd@.@.........
0020 76 15 13 c4 13 f6 00 0c c9 b1 0d 0a 0d 0a v.............
The remote IPs at the moment are:
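Added example, not part of the original post: a Python decoder for the 46-byte frame in the hex dump above. It pulls out the fields the post says vary between packets (destination IP and port, checksums, IP ID) and verifies the IPv4 and UDP checksums, which the capture lists with validation disabled. The function and field names are this example's own.

```python
import ipaddress
import struct

# Frame bytes copied from the hex dump in the post (46 bytes).
FRAME = bytes.fromhex(
    "dcfb024cb73ca0a8cdad3b7108004568"
    "0020786440004011cdaac0a8010ebc8a"
    "761513c413f6000cc9b10d0a0d0a"
)

def csum16(data: bytes) -> int:
    """Folded 16-bit one's-complement sum (IPv4 and UDP checksum arithmetic)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def decode_udp_frame(frame: bytes) -> dict:
    """Decode Ethernet II / IPv4 / UDP and verify both checksums."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet II frame carrying IPv4")
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    if frame[14] >> 4 != 4 or ihl < 20 or len(ip) < ihl or ip[9] != 17:
        raise ValueError("not IPv4 carrying UDP")
    total_len, ip_id = struct.unpack("!HH", ip[2:6])
    udp = frame[14 + ihl:14 + total_len]  # slice by IP length; drops any Ethernet padding
    if len(udp) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, ulen, ucsum = struct.unpack("!HHHH", udp[:8])
    if ulen != len(udp):
        raise ValueError("UDP length does not match IP total length")
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 17, ulen)
    return {
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "sport": sport, "dport": dport, "ip_id": ip_id,
        "ip_checksum_ok": csum16(ip) == 0xFFFF,
        # A UDP checksum of 0 over IPv4 means "not computed": nothing to verify.
        "udp_checksum_ok": None if ucsum == 0 else csum16(pseudo + udp) == 0xFFFF,
        "payload": udp[8:],
    }

if __name__ == "__main__":
    info = decode_udp_frame(FRAME)
    print(info)
    # The payload is two CRLF pairs and nothing else.
    print("bare CRLF CRLF datagram:", info["payload"] == b"\r\n\r\n")
```

Both checksums verify for this frame, so the datagram is well-formed as sent from 192.168.1.14 port 5060.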