Ghost Calls from Port Scanning
Author Message
gykovacs Offline
Post: #3
RE: Ghost Calls from Port Scanning
Hi support,

I have just faced the same problem: a port scanner rings my phones. I have tried the suggested solutions, but this disables the registration to my SIP server too.

T22P phone with FW 7.72.0.25

account.1.sip_trust_ctrl=1
account.2.sip_trust_ctrl=1
account.3.sip_trust_ctrl=1

Direct IP calls are needed for the click2dial application, so I can't disable them.

Here are my logs (note: valid IP addresses and domain names were replaced for security purposes):

> Apr 24 17:44:12 SIP [450]: SUA <5+notice> [000] DNS query:Found in Cache
> Apr 24 17:44:12 SIP [450]: DNS <6+info > [DNS] dns record 0: removed.example.com/111.222.333.444
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] DNS resolution with 111.222.333.444:5060
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Message sent: (to dest=111.222.333.444:5060)
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000]
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] REGISTER sip:removed.example.com SIP/2.0^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Via: SIP/2.0/UDP 10.6.118.22:5072;branch=z9hG4bK1557744813^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] From: "209" <sip:209@removed.example.com>;tag=1736150681^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] To: "209" <sip:209@removed.example.com>^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Call-ID: 579639055@10.6.118.22^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] CSeq: 1 REGISTER^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Contact: <sip:209@10.6.118.22:5072>^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Max-Forwards: 70^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] User-Agent: Yealink SIP-T22P 7.72.0.25^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Expires: 3600^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Allow-Events: talk,hold,conference,refer,check-sync^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Content-Length: 0^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] ^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000]
> Apr 24 17:44:12 SIP [450]: SDL <5+notice> [000] send request retransmission (id=1)^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Received message:
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000]
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] SIP/2.0 401 Unauthorized^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Via: SIP/2.0/UDP 10.6.118.22:5072;branch=z9hG4bK1557744813;received=222.333.444.555;rport=5072^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] To: "209"<sip:209@removed.example.com>;tag=fdfa5237^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] From: "209"<sip:209@removed.example.com>;tag=1736150681^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Call-ID: 579639055@10.6.118.22^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] CSeq: 1 REGISTER^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] WWW-Authenticate: Digest realm="example",algorithm=MD5,nonce="53594d543bc71f60f7d560d4b656e40f3176ab17",qop="auth",opaque="",stale=false^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Content-Length: 0^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] ^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000]
> Apr 24 17:44:12 SIP [450]: SUA <6+info > [000] SIPTrustCtrl IS Enable
> Apr 24 17:44:12 SIP [450]: SUA <3+error > [000] IP:[111.222.333.444] is NO found in the dns cache,discard this message!

The phone knows the IP address of the server and sends out the registration message, but a little bit later the same IP address is no longer trusted:
"IP:[111.222.333.444] is NO found in the dns cache,discard this message".
The registration is based on SRV records; the SRV contains 2 IP addresses with priority. In the logs I see only one IP address (the one with the highest priority), if that matters.
Any advice?
04-25-2014 08:09 PM
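
Added example, not part of the original post and not Yealink code: a small log triage script for the symptom above. It reads syslog lines in the format shown in the post and separates trust-control discards of replies from a server the phone itself had just contacted (the registration failure described here) from discards of sources the phone never contacted. The sample log, its addresses and the function name are constructed for illustration.

```python
import re

# Constructed sample in the log format shown in the post; addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Message sent: (to dest=192.0.2.10:5060)
Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] REGISTER sip:pbx.example.test SIP/2.0^M
Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Received message:
Apr 24 17:44:12 SIP [450]: SDL <6+info > [000]
Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] SIP/2.0 401 Unauthorized^M
Apr 24 17:44:12 SIP [450]: SUA <6+info > [000] SIPTrustCtrl IS Enable
Apr 24 17:44:12 SIP [450]: SUA <3+error > [000] IP:[192.0.2.10] is NO found in the dns cache,discard this message!
Apr 24 17:45:03 SIP [450]: SDL <6+info > [000] Received message:
Apr 24 17:45:03 SIP [450]: SDL <6+info > [000] INVITE sip:100@10.0.0.5 SIP/2.0^M
Apr 24 17:45:03 SIP [450]: SUA <3+error > [000] IP:[198.51.100.77] is NO found in the dns cache,discard this message!
"""

PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+SIP\s*\[\d+\]:\s+\w+\s+<[^>]*>"
                    r"\s+\[\d+\]\s?(?P<msg>.*)$")
SENT = re.compile(r"Message sent: \(to dest=(?P<ip>[\d.]+):\d+\)")
DISCARD = re.compile(r"IP:\[(?P<ip>[\d.]+)\] is NO found in the dns cache,discard")

def classify_discards(log_text):
    """Return one finding per trust-control discard found in the log."""
    sent_to = set()          # IPs the phone itself sent a SIP message to
    awaiting_first_line = False
    last_received = None     # start line of the most recent received message
    findings = []
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.lstrip("> "))   # tolerate forum-quoted lines
        if not m:
            continue
        # Drop the trailing carriage return, logged either raw or as "^M".
        msg = re.sub(r"(\^M|\r)+$", "", m.group("msg")).strip()
        if (s := SENT.search(msg)):
            sent_to.add(s.group("ip"))
        elif (d := DISCARD.search(msg)):
            ip = d.group("ip")
            verdict = ("reply from contacted server" if ip in sent_to
                       else "unsolicited source")
            findings.append({"time": m.group("ts"), "ip": ip,
                             "message": last_received, "verdict": verdict})
        elif msg == "Received message:":
            awaiting_first_line = True
        elif awaiting_first_line and msg:
            last_received, awaiting_first_line = msg, False
    return findings

if __name__ == "__main__":
    for finding in classify_discards(SAMPLE_LOG):
        print(finding)
```

A "reply from contacted server" finding means the phone dropped an answer to its own request, which matches the registration failure reported in this post.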