Re: [Linphone-developers] issue with constant calls from "1" or "++++"

[Robert Phair]

thanks Russell... then I guess it is moving to a new house, new broadband router & Internet connection that caused the change.  I don't think this SIP connection is a hacking target but there may be rogue software on other computers here.  I'll change over to TCP if possible and see if that prevents the problem.  thanks /robert

On 15/08/18 15:41, Russell Treleaven wrote:

https://en.wikipedia.org/wiki/Network_address_translation#Methods_of_translation

If you are using UDP for signalling its easier to get through the firewall.

The hacker can spoof his source address and port address to appear as your ITSP.

A UDP state-full pinhole is typically just kept open by a timer.

Your outbound UDP packet creates a pinhole and it is kept open by a timer of $n seconds which is reset by any packet sent or received that match the pinhole.

The hacker does not need to get any response from you to make your phone ring.

A TCP state-full pinhole can be a bit more sophisticated because it can use the connection establishment and connection termination features of TCP to be smarter about establishing and destroying the pinhole.

With TCP its harder for hacker to spoof his source address as the TCP handshake https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment must take place before the INVITE can make it up the network stack to your sip user agent.

Robert it could be...

-your edge device is using a less restrictive form of nat.

-or the hacker is spoofing their source address and source port to appear like your ITSP

-or the attack is coming from within your network

-or you have inbound rules on your edge device

-something else I have not thought of

Suggest you use TCP if your ITSP supports it.

On Wed, Aug 15, 2018 at 2:05 PM, Robert Phair <address@hidden> wrote:

What should we do if we see this problem without ever having created any firewall rules?  I am seeing this myself with a generic setup: default settings with one registered SIP provider having "1000" as an extension.  Incoming calls at 1 minute intervals from "1000" in place of the "1" and "++++" in original report.

I've had 4.1.1 installed (on Ubuntu 18.04) for a couple weeks now, but only saw this problem after my first incoming call was received.  I would love to hear the further info that @Russell was suggesting.  Note the problem has gone away after restarting Linphone a couple of times (once wasn't enough).

On 13/08/18 22:44, Russell Treleaven wrote:

Sounds like you have created inbound firewall rules. For your usage model those usually not required.

Would explain more but typing with one thumb.

On Mon, Aug 13, 2018, 10:40 PM Jason Manley <address@hidden> wrote:

When linphone is running, I am getting constant calls (about once per
minute) from numbers such as "1" and "++++" and can't find anything in
settings, nor any documentation as to how to turn this off. This
happens whether I am connected to a SIP provider or not.


_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers

_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers

_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers

--

Sincerely,

Russell Treleaven

sip:address@hidden;transport=tcp

_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers