[OpenSIPS-Users] Weird behaviour

Adrian Vasile yoyo at opennet.ro
Thu Feb 10 19:28:42 CET 2011


I know of these issues. And all client are either behind NAT either separate voice vlans.
As for securing the proxy. What methods either than Pike combined with fail2ban would you advise?


And I finally found the culprit. "Auth INVITE":
"When enabled, authorization is required for initial incoming INVITE requests from the SIP proxy."

On Feb 10, 2011, at 6:57 PM, Dave Singer wrote:

> Adrian,
> 
> There are lots of people out there with servers doing sip scans to see
> if an ip will respond to a sip ping (NOTIFY or OPTIONS message). Then
> they will either try to send register and/or invites for all sorts of
> numbers trying to get a hit. Of course the invites are not actual
> calls so if the sip scanner gets an ATA, the customer answers the
> phone and there is no one there. Depending on the scanner it may keep
> trying through it's whole list of common sip source accounts. Then it
> can get interesting. The scanner would then mark the IP as a success
> and the hacker can then start trying to send calls through it. Though
> likely they would try a call to something like a Home Depot number and
> when the customer answers they just say sorry wrong number and mark
> the IP off their list. Customer is left alone till the next scanner
> comes sniffing.
> So ATA's many times have settings for not answering calls from places
> that shouldn't be sending them calls. The options are usually
> something like "calls ok: from register server, from proxy server,
> call to registered user, auth call" or similar.
> See what you can find in the docs for that model.
> 
> Dave
> 
> On Thu, Feb 10, 2011 at 5:07 AM, Adrian Vasile <yoyo at opennet.ro> wrote:
>> Hi,
>> I attached the trace.
>> 
>> 
>> why does the cisco spa ask for authorization?
>> Thanks,
>> Adrian Vasile
>> yoyo at opennet.ro
>> 
>> On Feb 10, 2011, at 12:42 PM, Laszlo wrote:
>> 
>> Hi Adrian,
>> 
>> 2011/2/10 Adrian Vasile <yoyo at opennet.ro>
>>> 
>>> Hello all,
>>> 
>>> Maybe it has happened to you too.. I've got a couple of cisco spa504g
>>> everything is fine with them, registering, calling out, but there seems to
>>> be a problem with the "calling in feature"..
>>> 
>>> When I try to call the spa's all they return is 403 Forbidden. Any ideas
>>> how I could remedy the situation?
>>> 
>> 
>> Try to capture one call with ngrep, and post here the output.
>> Use ngrep like this: ngrep 'xxx' port 5060 -Wbyline -q -dany -t >
>> mytrace.txt
>> 
>> (where xxx is the number/extension what you going to trace)
>> 
>> 
>> 
>>> 
>>> Thanks,
>>> Adrian Vasile
>>> yoyo at opennet.ro
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> 
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> 
>> 
>> 
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> 
>> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Adrian Vasile
yoyo at opennet.ro



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20110210/ff1a6c70/attachment-0001.htm>


More information about the Users mailing list