[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Ghost Calls from Port Scanning
Author Message
ctiefel Offline
Junior Member
**

Posts: 24
Joined: Nov 2013
Reputation: 0
Post: #4
RE: Ghost Calls from Port Scanning
(04-25-2014 08:09 PM)gykovacs Wrote:  Hi support,

I have just faced with the same problem, port scanner rings my phones. I have tried the suggested solutions, but this disable the registration to my SIP server too.

T22P phone with FW 7.72.0.25

account.1.sip_trust_ctrl=1
account.2.sip_trust_ctrl=1
account.3.sip_trust_ctrl=1

Direct IP calls need for click2dial application so I can't disable.

Here are my logs (note: valid IP addresses and domain names were replaced because of security purpose)

> Apr 24 17:44:12 SIP [450]: SUA <5+notice> [000] DNS query:Found in Cache
> Apr 24 17:44:12 SIP [450]: DNS <6+info > [DNS] dns record 0: removed.example.com/111.222.333.444
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] DNS resolution with 111.222.333.444:5060
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Message sent: (to dest=111.222.333.444:5060)
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000]
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] REGISTER sip:removed.example.com SIP/2.0^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Via: SIP/2.0/UDP 10.6.118.22:5072;branch=z9hG4bK1557744813^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] From: "209" <sip:209@removed.example.com>;tag=1736150681^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] To: "209" <sip:209@removed.example.com>^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Call-ID: 579639055@10.6.118.22^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] CSeq: 1 REGISTER^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Contact: <sip:209@10.6.118.22:5072>^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Max-Forwards: 70^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] User-Agent: Yealink SIP-T22P 7.72.0.25^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Expires: 3600^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Allow-Events: talk,hold,conference,refer,check-sync^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Content-Length: 0^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] ^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000]
> Apr 24 17:44:12 SIP [450]: SDL <5+notice> [000] send request retransmission (id=1)^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Received message:
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000]
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] SIP/2.0 401 Unauthorized^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Via: SIP/2.0/UDP 10.6.118.22:5072;branch=z9hG4bK1557744813;received=222.333.444.555;rport=5072^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] To: "209"<sip:209@removed.example.com>;tag=fdfa5237^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] From: "209"<sip:209@removed.example.com>;tag=1736150681^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Call-ID: 579639055@10.6.118.22^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] CSeq: 1 REGISTER^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] WWW-Authenticate: Digest realm="example",algorithm=MD5,nonce="53594d543bc71f60f7d560d4b656e40f3176ab17",qop="auth",opaque="",stale=false^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] Content-Length: 0^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000] ^M
> Apr 24 17:44:12 SIP [450]: SDL <6+info > [000]
> Apr 24 17:44:12 SIP [450]: SUA <6+info > [000] SIPTrustCtrl IS Enable
> Apr 24 17:44:12 SIP [450]: SUA <3+error > [000] IP:[111.222.333.444] is NO found in the dns cache,discard this message!

The phone knows the IP address of the server, sends out the registration message, but after a little bit later the same IP address is not trusted already.
"IP:[111.222.333.444] is NO found in the dns cache,discard this message".
The registration is based on SRV records, the SRV contains 2 IP addresses with priority. In the logs I see only one IP address (the one with highest priority) if it counts.
Any advice?

The newer firmware has an option in the General Settings called "Allow IP Call". Have you tried setting this to "Disabled"?
04-25-2014 08:12 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
Ghost Calls from Port Scanning - ctiefel - 11-08-2013, 10:01 PM
RE: Ghost Calls from Port Scanning - ctiefel - 04-25-2014 08:12 PM
RE: Ghost Calls from Port Scanning - Fuur - 11-25-2014, 07:01 PM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  W80 Emergency Calls with Locked Keypad sandro84 0 298 10-18-2021 07:57 PM
Last Post: sandro84
  Silencing / Rejecting Queue Calls asafayan 1 1,206 07-13-2021 03:45 AM
Last Post: complex1
  Share Wi/Fi to PC port kevins1701 1 1,870 04-07-2021 04:58 AM
Last Post: Yisroel_MongoTEL
  RTCP-XR MOS-CQ scores 0 on many calls CyVon 0 1,160 04-01-2021 04:18 AM
Last Post: CyVon
  Making calls without registration : T22P phatcow 3 7,519 02-09-2021 09:59 PM
Last Post: naveenhome64
  Calls to more than three participants? It's possible? Cimmerio 4 2,930 01-29-2021 10:13 PM
Last Post: Yisroel_MongoTEL
  Is there a way to stop incoming calls from being muted Janelle 0 1,497 11-16-2020 07:05 AM
Last Post: Janelle
  Direct IP Call Outside LAN with specific port BumbleBears 2 3,638 05-28-2020 02:13 PM
Last Post: Lewis-H
  IP Phone sometimes does not receive calls from my own mobile phone. willywonka 4 5,615 05-27-2020 01:12 AM
Last Post: willywonka
  Outgoing calls fail - Forbidden TotalNet 4 6,614 05-07-2020 08:30 PM
Last Post: TotalNet

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication