Problem with Polycom Soundpoint 331 on Freepbx

Hello,

I have five Polycom 331 phones connected to my FreePBX system. All have outbound and inbound calls using a SIP provider; three of the phones are external. Everything works great apart from one very annoying thing.

One of the three external phones rings every half hour or thereabouts. The phone displays the call is from [email protected], where x is the external IP of the problem phone. When the phone is answered the line is dead. I initially thought it was a problem with the phone, but I swapped the phone for one that I was using in the hope that I would get the same problem. But no, I didn’t get it, so it’s not the phone. I’ve checked my FreePBX logs and there are no calls logged to that phone with extension 100. There is no extension 100 on my system, so I conclude the calls are not originating from my system or even passing through my system.

Does anyone have any idea what is going on here? The external phone is connected to a Netgear router with the firewall enabled. I can’t figure out where these annoying calls are coming from or how to stop them.

Many thanks

kog

That is almost certainly the “bad guys” probing the external network address which is the external ext on the router in front of it.

Yup … sipvicious or something like that …

Hi thanks for the replies.

So sipvicious is attacking one of the external phones??? What’s the best way to prevent this sort of attack? I’m aware I can change the port number, but are there any drawbacks to taking that route?

Thanks.

Someone else can probably give better advice, but:

  • An access-list of some sort if the CPE supports it, perhaps limiting traffic from that phone in/out to your PBX IP only.
  • Or, a VPN (again, unsure if the CPE supports it, the handset doesn’t); Asterisk 12 and 13 come with an interface for OpenVPN I believe, so this shouldn’t be too hard to achieve.
  • If it’s the same IP scanning every time, maybe you can win with a simple rule to block anything from that originating IP.

I would suggest you disable inbound connections to UDP/5060 on the far end router.
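The access-list advice in the replies above, sketched as an added example (not code from any poster, FreePBX or Polycom): a filter that accepts SIP only from the PBX address and flags the ghost-call pattern described in the first post. All IP addresses, names and sample messages are constructed assumptions using documentation ranges.

```python
import ipaddress
import re

# Assumed addresses (documentation ranges), not taken from the thread.
PBX_ALLOWLIST = [ipaddress.ip_network("203.0.113.10/32")]  # the PBX
PHONE_PUBLIC_IP = "198.51.100.25"  # external IP of the remote phone

def make_invite(user, host, via):
    """Build a constructed, minimal INVITE for the demonstration."""
    return (
        f"INVITE sip:{user}@{PHONE_PUBLIC_IP} SIP/2.0\r\n"
        f"Via: SIP/2.0/UDP {via};branch=z9hG4bK-constructed\r\n"
        f'From: "{user}" <sip:{user}@{host}>;tag=constructed\r\n'
        f"To: <sip:{user}@{PHONE_PUBLIC_IP}>\r\n"
        "Call-ID: constructed-1\r\nCSeq: 1 INVITE\r\n"
        "Content-Length: 0\r\n\r\n"
    )

# Ghost call as described: From shows 100@<the phone's own external IP>.
SCAN_INVITE = make_invite("100", PHONE_PUBLIC_IP, "192.0.2.77:5071")
# Legitimate call relayed by the PBX.
PBX_INVITE = make_invite("201", "203.0.113.10", "203.0.113.10:5060")

def parse_sip(raw):
    """Return (method, headers) with lower-cased header names."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method = head[0].split(" ", 1)[0]
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers

def from_host(headers):
    """Extract the host part of the From URI, or None if absent."""
    m = re.search(r"sips?:(?:[^@>;]*@)?([^;>:\s]+)", headers.get("from", ""))
    return m.group(1) if m else None

def classify(raw, src_ip):
    """Allow SIP only from the PBX; label the ghost-call pattern."""
    method, headers = parse_sip(raw)
    src = ipaddress.ip_address(src_ip)
    if any(src in net for net in PBX_ALLOWLIST):
        return "allow"
    if method == "INVITE" and from_host(headers) == PHONE_PUBLIC_IP:
        return "drop-ghost-call"  # direct INVITE that bypassed the PBX
    return "drop-not-pbx"

if __name__ == "__main__":
    print(classify(SCAN_INVITE, "192.0.2.77"))   # scanner source
    print(classify(PBX_INVITE, "203.0.113.10"))  # PBX source
```

The same allow-only-the-PBX decision is what a router access list or a rule closing inbound UDP/5060 enforces at the network edge, which also explains why nothing appears in the PBX logs: the INVITE never passes through the PBX.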