+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: General topics (/forumdisplay.php?fid=15)
+--- Thread: Ghost Calls from Port Scanning (/showthread.php?tid=1012)
RE: Ghost Calls from Port Scanning - ctiefel - 06-30-2014 07:36 PM
(06-30-2014 03:11 AM)remstar Wrote: I have a client facing the same problem calls from 1000 NON stop 24x7 , There phones are connected to a hosted Elastix system, They are using a BT Homehub, However its only 1 phone that is being affected.
I've Disabled "allow i.p calls"
and changed the "Local SIP Port" under advanced to something random.
Is there anything else i can do to prevent this?, Can anything else be entered on the phone to prevent these calls? Apart from changing the sip port from 5060.
Or can something be changed on Elastix?
Would buying a a decent router help?
Cheers
The only time we seem to have this happen is when we are deploying a single phone into a home network situation. In deployments in an office network environment we have only ran into it when there are holes in the firewall or the particular phone it is affecting is in DMZ mode.
RE: Ghost Calls from Port Scanning - Yealink Support - 07-01-2014 02:25 PM
Hi remstar,
Did you try the following steps:
Quote:You can try to add below syntaxs to your cfg template(M7 template) and auto-provisioning it.Please try again and feed back to me.
1. You can try this syntax in CFG template.
---------------------------------------------------------------------------
#!version:1.0.0.1
#The x of the parameter "account.x.sip_trust_ctrl " ranges from 1 to max accounts. For example, x ranges from 1 to 6 of T28.
account.x.sip_trust_ctrl=1
------------------------------------------------------------------------------------------
When you want to enable this sip trust control for account 1, fill 1 to “account.1.sip_trust_ctrl”.
Then SIP messages from other servers will refuse by the phone.
2. If not, you can disable the “Allow IP Call” in webpage or auto-provisioning and try again.
-------------------------------------------------------------------------------------------------
#!version:1.0.0.1
#Enable or disable the phone to dial the IP address directly; 0-Disabled, 1-Enabled (default);
features.direct_ip_call_enable = 0
-------------------------------------------------------------------------------------------------
thanks
RE: Ghost Calls from Port Scanning - ndurain - 10-14-2014 12:23 AM
Do we have a fix for this with the latest firmware for the Base and Handset?
I have been looking for answers and wondered if this could lead to a better fix than with the older versions that may have been factory shipped with it.
If someone has an update bin file that I can use or a conf file I can use that would be awesome.
Thanks,
N Durain
RE: Ghost Calls from Port Scanning - ctiefel - 10-14-2014 12:25 AM
Yeah, the "Allow IP Call" setting has stopped working to thwart these ghost calls. Does Yealink have a new fix for this issue?
RE: Ghost Calls from Port Scanning - Yealink Support - 10-14-2014 02:27 PM
Hi ndurain/ctiefel,
The man don't need to set these parameters if their network don't meet this issue. We will consider to add the sip trust control parameter on the web gui for more convenient in the future.
If you have this ghost call issue, and you don't know how to set it via autop. I attached the software, cfg file and video for reference.
siptru-autoprovision
thanks
RE: Ghost Calls from Port Scanning - elementpbx - 10-14-2014 09:31 PM
Huge issue here. We are getting home users with small routers complaining all the time.
Would be nice to block anonymous port scanning on the phone as these scanners are getting more and more aggressive.
Does the disabling of ALLOW IP CALL work or does it not work?
T46G mostly. It's hard for us to test since at our office and home users (Asterisk reseller) we have routers that block these requests pretty well, but home users of our customers use standard routers that come from Internet provider.
RE: Ghost Calls from Port Scanning - Axion Communications - 10-24-2014 04:05 AM
Disabling ALLOW_IP_CALL will stop the phone from ringing when it receives an INVITE directly to it's IP address. We've confirmed that in our office with T46G's running 28.72.0.2 firmware and T38's running 38.70.0.16.
RE: Ghost Calls from Port Scanning - Wilson_Yealink - 10-24-2014 03:21 PM
Hi elementpbx/jtcary,
Please enable the sip trust control, this is important step to solve ghost call issue. You can enable the sip trust control firstly, if the issue can't be solved, then disable the IP call feature.
You can try this syntax in CFG template.
Code:
#!version:1.0.0.1
#The x of the parameter "account.x.sip_trust_ctrl " ranges from 1 to max accounts. For example, x ranges from 1 to 5 of W52P.
#You need to confirm which line you used.
account.x.sip_trust_ctrl=1When you want to enable this sip trust control for account 1, fill 1 to “account.1.sip_trust_ctrl”.
Then SIP messages from other servers will refuse by the phone.
We have released the V73 betas version, please upgrade your firmware version to it then check the issue whether still exist after above step.
V73 Beta2 Version Firmware And Release Notes of Version 73 Release
thanks
RE: Ghost Calls from Port Scanning - Fuur - 11-25-2014 07:01 PM
I cant seem to find the new beta firmware for Yealink T38G.
Testet with T46G and the new firmware with account.1.sip_trust_ctrl = 1
They still get ghost calls
RE: Ghost Calls from Port Scanning - Bryan Nelson - 12-04-2014 07:24 AM
Remstar:
Changing to TCP an a non 5060 port has worked for us in stubborn scanner situations. Scanners are generally kinda lazy and don't hit TCP ranges...yet.
I too am having trouble getting sip trust control to work properly. It works great if we only use our registration server's A-record, but using DNS-SRV records for redundancy results in a rejection since the SRV record technically doesn't match the actual name of the server communicating. The A-records are being stored in the local DNS cache, and are provisioned into the cache manuallly.
Anybody had success using this feature? Shuffling ports, and suggesting higher power routers with a decent firewall are not always good options.