[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] issue with constant calls from "1" or "++++"

From: Robert Phair
Subject: Re: [Linphone-developers] issue with constant calls from "1" or "++++"
Date: Wed, 15 Aug 2018 16:54:08 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

thanks Russell... then I guess it is moving to a new house, new broadband router & Internet connection that caused the change.  I don't think this SIP connection is a hacking target but there may be rogue software on other computers here.  I'll change over to TCP if possible and see if that prevents the problem.  thanks /robert

On 15/08/18 15:41, Russell Treleaven wrote:

If you are using UDP for signalling its easier to get through the firewall.
The hacker can spoof his source address and port address to appear as your ITSP.

A UDP state-full pinhole is typically just kept open by a timer.
Your outbound UDP packet creates a pinhole and it is kept open by a timer of $n seconds which is reset by any packet sent or received that match the pinhole.
The hacker does not need to get any response from you to make your phone ring.

A TCP state-full pinhole can be a bit more sophisticated because it can use the connection establishment and connection termination features of TCP to be smarter about establishing and destroying the pinhole.

With TCP its harder for hacker to spoof his source address as the TCP handshake must take place before the INVITE can make it up the network stack to your sip user agent.

Robert it could be...
-your edge device is using a less restrictive form of nat.
-or the hacker is spoofing their source address and source port to appear like your ITSP
-or the attack is coming from within your network
-or you have inbound rules on your edge device
-something else I have not thought of

Suggest you use TCP if your ITSP supports it.

On Wed, Aug 15, 2018 at 2:05 PM, Robert Phair <address@hidden> wrote:

What should we do if we see this problem without ever having created any firewall rules?  I am seeing this myself with a generic setup: default settings with one registered SIP provider having "1000" as an extension.  Incoming calls at 1 minute intervals from "1000" in place of the "1" and "++++" in original report.

I've had 4.1.1 installed (on Ubuntu 18.04) for a couple weeks now, but only saw this problem after my first incoming call was received.  I would love to hear the further info that @Russell was suggesting.  Note the problem has gone away after restarting Linphone a couple of times (once wasn't enough).

On 13/08/18 22:44, Russell Treleaven wrote:
Sounds like you have created inbound firewall rules. For your usage model those usually not required.
Would explain more but typing with one thumb.

On Mon, Aug 13, 2018, 10:40 PM Jason Manley <address@hidden> wrote:
When linphone is running, I am getting constant calls (about once per
minute) from numbers such as "1" and "++++" and can't find anything in
settings, nor any documentation as to how to turn this off. This
happens whether I am connected to a SIP provider or not.

Linphone-developers mailing list

Linphone-developers mailing list

Linphone-developers mailing list


Russell Treleaven

Linphone-developers mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]