Blacklist module, tons of spam calls

Looking for some advice. I’m not really sure what a person can do about this…

A few times per week, my sipstation phone number gets BOMBARDED with calls. About 70 at the same time (all in the same second). The calls come from a great variety of DIDs, all with the same forged caller ID.

What do I do about this? The blacklist module only takes a specific DID; can I ban all calls from international numbers, perhaps? That’d definitely cut down on the spam and would be an acceptable solution.

Why are you accepting calls to arbitrary numbers in the first place?

Are these coming through sipstation, or are they coming direct? If so, do you need to have extensions on unknown, out-of-country IP addresses?

These are attacks sent directly to your PBX (unrelated to sipstation or any other trunk). They would normally be blocked, but it appears that in Asterisk SIP Settings, you have Allow Anonymous Inbound SIP Calls and/or Allow SIP Guests set to Yes.

If turning these off results in legitimate calls being blocked, you should adjust your trunk configuration(s). Assuming pjsip trunks, this means that Match (Permit) must be set to allow all IP addresses from which the provider can send calls.

Okay okay, yeah, absolutely. I missed this because I typically use a very restricted firewall ruleset, but my team was interested in using remote SIP/TLS for connectivity and the SangomaTalk app. I’ve been trying to swap my sipstation trunks to PJSIP from SIP (this never works, for some reason Asterisk doesn’t listen to the PJSIP port for the trunks, but that’s neither here nor there), so right now in the firewall an anonymous source could get through and place a call directly to my phone system.

I’ve got ‘sip guests’ turned off now. I imagine that’ll prevent these calls in.

It won’t ‘prevent’ those calls. Your system will, however, no longer ‘answer’ those calls; it will send a ‘rejection’ instead, so the bad guys still know you are there. As long as you are listening on UDP/5060 there will be a steady drip drip of attempts to get in. You can run sngrep to watch that relentlessness.
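
An added example, not written by anyone in this thread and not FreePBX or Asterisk code: it sorts inbound INVITE sources into those covered by a trunk's Match (Permit) list and those that arrive as anonymous, then flags same-second bursts sharing one caller ID among the latter. The permit ranges, the record layout and every sample value are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed trunk Match (Permit) entries (constructed documentation ranges,
# not a real provider's addresses).
PERMIT = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.10/32")]


def is_trunk_source(ip):
    """True when the source IP falls inside a permitted trunk range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PERMIT)


def find_bursts(records, threshold=10):
    """records: (epoch_second, source_ip, caller_id) per inbound INVITE.

    Only sources outside PERMIT are counted, i.e. the calls that are handled
    as anonymous/guest. Returns {(second, caller_id): (count, [source_ips])}
    for every group with at least `threshold` calls in the same second.
    """
    buckets = defaultdict(list)
    for second, ip, caller_id in records:
        if not is_trunk_source(ip):
            buckets[(second, caller_id)].append(ip)
    return {
        key: (len(ips), sorted(set(ips)))
        for key, ips in buckets.items()
        if len(ips) >= threshold
    }


def sample_records():
    """Constructed sample: two trunk calls, one 70-call burst, one stray probe."""
    records = [
        (1700000000, "198.51.100.20", "5550100"),
        (1700000003, "203.0.113.10", "5550101"),
        (1700000009, "192.0.2.50", "2000"),
    ]
    records += [(1700000005, f"192.0.2.{i % 7 + 1}", "1000") for i in range(70)]
    return records


if __name__ == "__main__":
    for (second, caller_id), (count, sources) in find_bursts(sample_records()).items():
        print(f"{second} caller_id={caller_id} calls={count} sources={sources}")
```
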

