Blocking SIP Source calls

pucky900
Posts: 24
Member Since:
2007-06-18

Lately I've been getting calls into our system (not a lot) where the Source is "sip" and the Channel is "SIP/IP Address". I know it's someone trying to hack my system, but is there any way I can block these calls? I know that Black Listing will block the source as a phone number but only a phone number.



seanshonag
Posts: 135
Member Since:
2006-12-24
block it by adding the ip to

Block it by adding the IP to your firewall, and if you don't have a firewall, get a free one from Smoothwall.

hope this helps

Regards
Seanshonag



fredx99
Posts: 2
Member Since:
2010-01-08
Another Method to the Madness

While the firewall idea is a valiant effort at stemming this problem, it comes from several different IP addresses. This includes some in St. Louis, Germany, and anywhere else you can imagine. Must be some kind of generic code used by script kiddies. Anyway, people have been asking for a way to add an alpha string to the inbound route for some time, mainly to handle anonymous and private calls. The runaround is always given here. One answer is that you can do it in the new version. Then after you install the new version, you will still get an error when attempting an alpha entry. The other answer is (and I paraphrase), “Why would you want to do that; don't you know there is a Privacy Manager.” Yes, we know. But we also know that anyone, even a non-techie, can spoof whatever they want here. Not quite the functionality you get when someone must announce themselves verbally. That is why I take matters into my own hands by modifying the mysql database with an insert command. Be forewarned that you do this at your own risk. Just use a command like:
insert into asterisk.incoming values ("sip", "", "app-blackhole,busy,1", "default","", 0, 0, 0, "", "", "default", "", "");
You can substitute with hangup or anything else you want. It works because the field cidnum is a varchar, so the table itself does not need to be modified. Sure brings a lot more sanity to life than waiting for hell to freeze over before someone gives us the functionality we want.
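An added example, not part of fredx99's post or of trixbox itself: a short Python check that pulls the "sip"-source calls described in this thread out of the Asterisk CDR file and tallies them by source address, to confirm that they come from several IPs. It assumes the stock Master.csv column order and channel names of the form SIP/<ip>-<hex id>; the sample rows and addresses are constructed.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows in the assumed Master.csv column order:
# accountcode, src, dst, dcontext, clid, channel, dstchannel, lastapp,
# lastdata, start, answer, end, duration, billsec, disposition, amaflags.
# Addresses are documentation ranges, not values from the thread.
SAMPLE_CDR = '''\
"","sip","s","from-sip-external","sip","SIP/203.0.113.7-0000001a","","Congestion","5","2010-01-08 02:11:40","","2010-01-08 02:11:45",5,0,"NO ANSWER","DOCUMENTATION"
"","5551230100","100","from-trunk","5551230100","SIP/trunk1-0000001b","SIP/100-0000001c","Dial","SIP/100","2010-01-08 09:00:01","2010-01-08 09:00:05","2010-01-08 09:01:05",64,60,"ANSWERED","DOCUMENTATION"
"","sip","s","from-sip-external","sip","SIP/198.51.100.23-0000001d","","Congestion","5","2010-01-08 03:40:12","","2010-01-08 03:40:17",5,0,"NO ANSWER","DOCUMENTATION"
"","sip","s","from-sip-external","sip","SIP/203.0.113.7-0000001e","","Congestion","5","2010-01-08 04:02:55","","2010-01-08 04:03:00",5,0,"NO ANSWER","DOCUMENTATION"
'''

# Channel of a call from an unregistered host: SIP/<dotted IPv4>-<hex call id>
CHANNEL_RE = re.compile(r"^SIP/(\d{1,3}(?:\.\d{1,3}){3})-[0-9a-fA-F]+$")


def find_sip_source_calls(cdr_text):
    """Return (start_time, ip) for rows whose src is 'sip' and whose
    channel is SIP/<ip>-<id>, the pattern reported in the first post."""
    hits = []
    for row in csv.reader(io.StringIO(cdr_text)):
        if len(row) < 16:  # skip short or damaged rows
            continue
        src, channel, start = row[1], row[5], row[9]
        match = CHANNEL_RE.match(channel)
        if src.strip().lower() == "sip" and match:
            hits.append((start, match.group(1)))
    return hits


def summarize(hits):
    """Count matching calls per source address."""
    return Counter(ip for _, ip in hits)


if __name__ == "__main__":
    for ip, count in summarize(find_sip_source_calls(SAMPLE_CDR)).most_common():
        print(f"{ip}\t{count} call(s)")
```

Run against the real CDR file after adding the inbound-route entry, the same tally shows whether calls with the "sip" source are still reaching anything other than the hangup or busy destination.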



pucky900
Posts: 24
Member Since:
2007-06-18
Was blocking at Firewall

My first line of defense was to block the IP addresses at the firewall (Smoothwall) but as fredx99 points out... the IP address is always changing, which means I need to constantly add IP addresses to my blocked list. Fredx99, thanks for the script of adding to the DB. I was afraid I would have to resort to this since Blacklist won't let you enter alpha strings. Thanks.



pucky900
Posts: 24
Member Since:
2007-06-18
Manually add to Blacklist

Is there a way to manually add the "SIP" cidnum to the blacklist? I've been digging around in the DB and can't find where the values are stored.



pucky900
Posts: 24
Member Since:
2007-06-18
Easily added

Fredx99.... I was able to easily add the SIP block in my incoming routes. What I did was go into the Inbound Routes and add a new route called "SIP Block", adding misc. numbers to get the incoming route to save. The destination was set to "Terminate Call"... Hangup. I have phpMyAdmin set up on my trixbox... so I went into the DB and selected asterisk/incoming. Click on Browse and then you will see the incoming route you just created, then select "edit". From here you can make the changes to block the SIP cidnum.

cidnum - sip
extension
destination - app-blackhole, hangup, 1
faxexten - default
faxemail
answer - 0
wait - 0
privacyman - 0
alertinfo
ringing
mohclass - default
description - SIP Block
grppre

Click "Go" and it will save it.



pucky900
Posts: 24
Member Since:
2007-06-18
More on this at Elastix Forum

Can find more info on this over at the Elastix Forum. I have a running conversation on hack attacks

http://www.elastix.org/component/option,com_fireboard/Itemid,55/f...


