[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 1 Votes - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
hacking calls
Author Message
gustavoy Offline
Junior Member
**

Posts: 5
Joined: Oct 2013
Reputation: 1
Post: #1
hacking calls
Hi we have deployed a pbx with internal and external extensions.
The external extensions (public ips) are getting random calls from extensions that do not exist on the pbx and dont appear on pbx logs.
My guess is that this are hackers trying to acces the pone on the public internet. Is there a way that the pone only talks to the sip server. This woul stop requests from other ips.
Bellow the only log i have been able to put from the pone.
x.x.x.x is phone ip address.
Can you help? thanks

4 Lun Oct 21 01:43pm x.x.x.x@x.x.x.x 1000 1000@x.x.x.x
5 Lun Oct 21 01:43pm x.x.x.x@x.x.x.x 1000 1000@x.x.x.x
6 Lun Oct 21 01:43pm x.x.x.x@x.x.x.x 1000 1000@x.x.x.x
7 Lun Oct 21 01:43pm x.x.x.x@x.x.x.x 1000 1000@x.x.x.x
8 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
9 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
10 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
11 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
12 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
13 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
14 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
15 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
16 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
17 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
18 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
19 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
20 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
21 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
22 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
23 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
24 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
25 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
26 Lun Oct 21 01:20pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
27 Lun Oct 21 01:19pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
28 Lun Oct 21 01:19pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
29 Lun Oct 21 01:19pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
30 Lun Oct 21 01:19pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
31 Lun Oct 21 01:19pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
32 Lun Oct 21 01:19pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
33 Lun Oct 21 01:19pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
34 Lun Oct 21 01:19pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
35 Lun Oct 21 01:19pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
36 Lun Oct 21 01:19pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
37 Lun Oct 21 01:19pm x.x.x.x@x.x.x.x 201 201@x.x.x.x
38 Lun Oct 21 11:31am x.x.x.x@x.x.x.x 100 100@x.x.x.x
39 Lun Oct 21 11:31am x.x.x.x@x.x.x.x 100 100@x.x.x.x
40 Lun Oct 21 11:31am x.x.x.x@x.x.x.x 100 100@x.x.x.x
41 Lun Oct 21 11:30am x.x.x.x@x.x.x.x 100 100@x.x.x.x
42 Lun Oct 21 11:30am x.x.x.x@x.x.x.x 100 100@x.x.x.x
43 Lun Oct 21 11:30am x.x.x.x@x.x.x.x 100 100@x.x.x.x
44 Lun Oct 21 11:30am x.x.x.x@x.x.x.x 100 100@x.x.x.x
45 Lun Oct 21 11:30am x.x.x.x@x.x.x.x 100 100@x.x.x.x
46 Lun Oct 21 11:30am x.x.x.x@x.x.x.x 100 100@x.x.x.x
47 Lun Oct 21 11:30am x.x.x.x@x.x.x.x 100 100@x.x.x.x
48 Lun Oct 21 11:30am x.x.x.x@x.x.x.x 100 100@x.x.x.x
49 Lun Oct 21 11:30am x.x.x.x@x.x.x.x 100 100@x.x.x.x
10-22-2013 11:35 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,683
Joined: Dec 2012
Reputation: 25
Post: #2
RE: hacking calls
Hi gustavoy,

Do you tell me the version and model of your phone?
Your issue seems that the hacker find your ip address of phone and call to you.
You can do follow steps to avoid this kind of issue.
1. We have added ip allow list in the v70 version and V71 version, some in V61 version.(I upload a screenshot in the attachment. Enter webpage->Features->Romote Control->Action URI allow IP List)
So please upgrade your phone to the latest version and there must be have this setting.
And fill your ip address of sip server in the allow ip address.


2. Disable the allow ip call.(Enter webpage->Features->General Information->Allow IP Call)

3. If you can find the logs in your voice gateway, you can define the ip in your voice gateway.

Please try again.
Thanks


Attached File(s) Thumbnail(s)
       
(This post was last modified: 10-23-2013 04:46 PM by Yealink Support.)
10-23-2013 04:43 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
gustavoy Offline
Junior Member
**

Posts: 5
Joined: Oct 2013
Reputation: 1
Post: #3
RE: hacking calls
Hi phone are t22 with firmware 7.70.0.140

Thanks



(10-23-2013 04:43 PM)Yealink Support Wrote:  Hi gustavoy,

Do you tell me the version and model of your phone?
Your issue seems that the hacker find your ip address of phone and call to you.
You can do follow steps to avoid this kind of issue.
1. We have added ip allow list in the v70 version and V71 version, some in V61 version.(I upload a screenshot in the attachment. Enter webpage->Features->Romote Control->Action URI allow IP List)
So please upgrade your phone to the latest version and there must be have this setting.
And fill your ip address of sip server in the allow ip address.


2. Disable the allow ip call.(Enter webpage->Features->General Information->Allow IP Call)

3. If you can find the logs in your voice gateway, you can define the ip in your voice gateway.

Please try again.
Thanks
10-23-2013 08:22 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,683
Joined: Dec 2012
Reputation: 25
Post: #4
RE: hacking calls
Hi gustavoy,

How is the issue now?
10-24-2013 02:39 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
gustavoy Offline
Junior Member
**

Posts: 5
Joined: Oct 2013
Reputation: 1
Post: #5
RE: hacking calls
Seems to be resolved ill let you know if we recieve any more attempts. Thanks for your prompt response


(10-24-2013 02:39 PM)Yealink Support Wrote:  Hi gustavoy,

How is the issue now?
10-25-2013 11:17 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
rfrantik@rfcinc.com Offline
Junior Member
**

Posts: 31
Joined: Jan 2013
Reputation: 0
Post: #6
RE: hacking calls
We had to put a phone on a public IP and had the same issue... setting the server IP in Action URI and disabling the Allow IP Call fixed our issue. Thanks.
10-02-2014 01:20 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
saulgoodwin Offline
Junior Member
**

Posts: 4
Joined: Oct 2014
Reputation: 0
Post: #7
RE: hacking calls
Great advice, thank you.
Fixed problems for Yealink T22P and T26P.
11-06-2014 01:31 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
ArthurDent Offline
Junior Member
**

Posts: 1
Joined: Dec 2014
Reputation: 0
Post: #8
RE: hacking calls
(10-23-2013 04:43 PM)Yealink Support Wrote:  Hi gustavoy,

Do you tell me the version and model of your phone?
Your issue seems that the hacker find your ip address of phone and call to you.
You can do follow steps to avoid this kind of issue.
1. We have added ip allow list in the v70 version and V71 version, some in V61 version.(I upload a screenshot in the attachment. Enter webpage->Features->Romote Control->Action URI allow IP List)
So please upgrade your phone to the latest version and there must be have this setting.
And fill your ip address of sip server in the allow ip address.


2. Disable the allow ip call.(Enter webpage->Features->General Information->Allow IP Call)

3. If you can find the logs in your voice gateway, you can define the ip in your voice gateway.

Please try again.
Thanks

Hi,

I tried the above and still getting calls from 1000 number. Is there not a way we can lock the phone down to only accept calls from a specific IP address or DNS name?

Also not sure what you mean in part 3.

Many thanks,
12-11-2014 11:33 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Wilson_Yealink Offline
Administrator
*******

Posts: 171
Joined: Aug 2014
Reputation: 0
Post: #9
RE: hacking calls
Hi ArthurDent,

Please try below steps:
1. Upgrade the firmware to the latest version(V73). You can get the firmware from below links:
V73 Beta2 Version Firmware And Release Notes of Version 73 Release

2.You can try to add below syntaxs to your cfg template(M7 template) and auto-provisioning it.
Code:
#!version:1.0.0.1
#The x of the parameter "account.x.sip_trust_ctrl " ranges from 1 to max accounts.
​#You need to confirm which line you used.
account.x.sip_trust_ctrl=1
When you want to enable this sip trust control for account 1, fill 1 to “account.1.sip_trust_ctrl”.
Then SIP messages from other servers will refuse by the phone.

If you don't know how to do auto provision, please click below link to download the file which including the video, CFG file and software.
siptru-autoprovision

thanks
(This post was last modified: 12-12-2014 03:56 PM by Wilson_Yealink.)
12-12-2014 03:56 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
gmaio Offline
Junior Member
**

Posts: 1
Joined: May 2015
Reputation: 0
Post: #10
RE: hacking calls
Hi everyone,
I have the same problem of SPAM IP calls coming from ghost numbers as 82,83, 1001, etc.. on only one phone in the company. I know that could sound a bit strange but I have 15 Yealink SIP-T32G in our offices and only one is affected by these spamming calls. I've already updated just yesterday its firmware to ver 32.70.1.33 and its hardware version is reported to be 22.3.2.32.0.0.0. I've already changed the server SIP port and the Outbound proxy server port to 5070. The local SIP port is 5060.
I would like to configure the affected phone (and the others as well) in order to accept only calls coming from the PBX SERVER which is external and Asterisk based. How can I properly configure my SIP-T32G phones to eliminate these spam calls? I've already tried to follow some tutorials I've found in this forum and also on other web sites but they are all intended for different phone models.
Moreover, the company voip telephone network use a dedicated modem/router Cisco Linksys X3000 and a dedicated ADSL. Is there a way to filter the ghost calls at router level in order to protect all the company voip network?
Thanks in advance for any advice on the matter.
(This post was last modified: 06-23-2015 03:01 PM by gmaio.)
06-23-2015 02:51 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Yealink T58W and Grandstream UCM6308 delayed audio on outgoing calls waltersjo 2 1,695 12-19-2023 11:10 PM
Last Post: waltersjo
  T33G - Unknown Symbol - Can't Make Outbound Calls bbopp 0 570 12-09-2023 03:21 AM
Last Post: bbopp
  WH67 (UC) Not Working for Outbound Calls Chepino96 0 850 10-04-2023 05:26 AM
Last Post: Chepino96
  View call logs for dropped calls computersense 0 918 08-15-2023 11:26 AM
Last Post: computersense
  Issue with headsets, calls are spontaneously ended sanderv85 3 2,288 06-15-2023 06:44 PM
Last Post: complex1
  W78P wont receive calls dleather 1 1,781 12-22-2022 12:15 AM
Last Post: dleather
  From field user part incomplete on some outbound calls oliv 1 1,910 11-25-2022 06:14 PM
Last Post: oliv
  W80 Emergency Calls with Locked Keypad sandro84 0 2,928 10-18-2021 07:57 PM
Last Post: sandro84
  Silencing / Rejecting Queue Calls asafayan 1 4,672 07-13-2021 03:45 AM
Last Post: complex1
  RTCP-XR MOS-CQ scores 0 on many calls CyVon 0 3,196 04-01-2021 04:18 AM
Last Post: CyVon

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication