Inbound routes issues

We have a small issue. We have some person somewhere slamming our system with attempts to get in. They all originate from the same DID, but the built-in blocker can’t block by that. Now before you say Anon calls should be disabled, if I do so all inbound calls get dropped, and while the silence is nice, we kind of need the calls to come in. I have 2 inbound routes:

Any DID which passes to the normal system
One I added with _XXX41519470489 which is supposed to go to hangup

The XXX is because the first 3 digits change slightly. It appears however the second rule is not getting processed given the first. What would I need to do to allow normal phone traffic to come in while ensuring the annoyance caller is blocked? He has been hitting us for over 5 days, and at a rate of over 100 per hour. My SIP provider says they cannot block them at their end.

Short on detail here, but assuming you have a conventional setup where inbound calls arrive on specific trunks, then the solution is to properly configure your trunks so that you can disallow anon calls. A band aid would be to config the firewall to only allow inbound traffic by trusted source IP.

There is no firewall, the outbound calls go directly to an EGS gateway provided by our SIP provider.

On re-reading, I’m thinking I misunderstood the description of the issue. Note there is a toggle in the inbound route for ‘CID Priority’, you want to enable that for the problem calls.

I will try that, but the help says it is only for when the DID is blank. The problem caller keeps changing the CID in an attempt to hook into the server.

Going to need a call trace, share via pastebin:
https://wiki.freepbx.org/display/SUP/Providing+Great+Debug#ProvidingGreatDebug-AsteriskLogs-PartII

Hello @ThetaCoder,

The quickest way to reduce the calls to your extensions (not the pbx) is to set up a call confirmation dialplan before the call would continue to its destination. You can use something simple like this:

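```
[from-world-custom]
; Log the presented caller ID
exten => s,1,NoOp(Incoming call from: ${CALLERID(num)})
; Play the "press 1" prompt and read one digit (1 attempt, 5 second timeout)
same => n,Read(check_answer,silence/1&press-1,1,,1,5)
; Only a caller who pressed 1 continues; anything else is hung up
same => n,GotoIf($[ "${check_answer}" = "1" ]?continue:hangup)

same => n(continue),NoOp(Success, The call will flow to its destination)
same => n,Return()

same => n(hangup),Hangup()
```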
  1. Add this context to your extensions_custom.conf file and reload the dialplan (rasterisk -x'dialplan reload')
  2. Create a custom destination and add the destination: from-world-custom,s,1
  3. Set the Return switch to Yes and add your destination (your extension, ivr, ring group etc.).
  4. Change the destination in your inbound route of your extension to check if it is working well for you.

If it works well for you, change the default inbound route of your company.
If the spammer guesses the code (1 in my example), you will be able to change the code quickly in the dial plan (the config edit module).

Keep in mind that this dialplan will help you to allow only authorized calls to continue to the pbx, but it will not reduce the load on the incoming calls, and you will have to keep monitoring your pbx to find more patterns of the spammer.

Let me know if you need more help.

Thank you,

Daniel Friedman
Trixton LTD.

I had thought the calls had stopped, but they picked back up again. They are now starting to change their DID and CID slightly. I will hopefully get a trace done shortly and get it in pastebin.

Below is hopefully the trace of one of the more recent calls from the bad source:

https://pastebin.freepbx.org/view/02459d2e

The DID has been changing every so often, but always seems to contain 441519470554 at the end.

Look at line 4 and make sure you do not have anonymous or guest SIP calls allowed.

We get over 90% of our business via phone. I cannot turn off anon sip or it completely shuts down ALL incoming calls. I know this because we tried disabling those, and it shut down the whole thing.

You can fix your trunk setup to only accept calls from your provider’s designated servers. Then you can turn off anon/guest calls.

Our phones are on a dedicated network that connects directly to the EGS Gateway unit. No calls come in on our normal Public WAN address we use for internet.

Not sure why that helps resolve your problem. I don’t know what an “EGS Gateway” is; my guess is it is in fact the source of your trunk, but I’m quite happy to be corrected.

Our SIP provider is only that, just a SIP trunk to the EGS unit (think of it as an edge router/gateway). All phone calls in or out pass through our SIP provider to that device to the phone network. We have no choice in where the calls come from, they only come from our SIP provider, we really have no way that I know of to set a designated server to listen to.

You are missing the point. Here we are talking Asterisk, so I assume you have provisioned a trunk to whatever. Having done that, and if it is as localized as you say, defining the “host=ip.addr.ess” will accept calls from that IP and you can then turn off the anon/guest calls, which is what you are seeing and being annoyed by. If you don’t do that then you will have to just put up with it or, as otherwise suggested, send the calls to something that identifies the caller as acceptable.

In short, all I need to know is how to set up call routing so that any DID that contains the spammer gets junked but EVERYTHING else can come through. I have NO access to anything beyond the port where the phone network connects to the EGS. So even if I say only things coming from the EGS port’s IP, it won’t stop all the calls from coming in, as ALL CALLS come in via that port.

Setting up a ‘press 1 to continue’ is not an option, as we are a business, and asking every customer that calls to do that would kill the business. I am sorry for being short, but this has been going on for 2 weeks and my bosses are not accepting of ‘just deal with it’ as a response. My SIP provider has said they cannot block a DID, I would have to call the cops or the FCC, who aren’t going to do anything about it either.

So no consistency to CID/DID and no willingness to use an IVR. I would say there is no solution to this problem, unless you can do a whitelist like described here: Of Robocalls and Whitelists
That would force unrecognized callers to ‘press 1 to continue’ but after that they would be on the whitelist so it bypasses the challenge.

If you can’t/won’t constrain the anon/guest calls then, as suggested, have the caller validate. This can easily be a one-time need: add them to your whitelist (another story, and not a short one) and the next time they call they won’t be bothered.
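
The challenge-once-then-whitelist flow suggested in the two posts above, sketched as Asterisk dialplan (an added example, not code from any poster in this thread or from FreePBX). The context name `from-world-whitelist`, the AstDB family `whitelist`, and the reliance on FreePBX's `FROM_DID` channel variable being set by the inbound route are assumptions; the DID suffix is the one quoted earlier in the thread.

```asterisk
[from-world-whitelist]
; Hypothetical context: add to extensions_custom.conf and call it from a
; FreePBX custom destination with Return = Yes, as in the steps above.
exten => s,1,NoOp(Incoming call from: ${CALLERID(num)} to DID: ${FROM_DID})

; Drop calls whose DID ends in the suffix reported in this thread.
; Assumes FROM_DID holds the dialed DID; if it is empty the test is false.
 same => n,GotoIf($["${FROM_DID:-12}" = "441519470554"]?reject)

; An empty caller ID can never be whitelisted, so always challenge it.
 same => n,GotoIf($["${CALLERID(num)}" = ""]?challenge)

; Callers who already passed the challenge skip it (DB_EXISTS returns 1 or 0).
 same => n,GotoIf(${DB_EXISTS(whitelist/${CALLERID(num)})}?continue)

; First contact: one digit, one attempt, 5 second timeout.
 same => n(challenge),Answer()
 same => n,Read(check_answer,silence/1&press-1,1,,1,5)
 same => n,GotoIf($["${check_answer}" = "1"]?learn:reject)

; Remember the caller, storing the date the entry was learned.
 same => n(learn),GotoIf($["${CALLERID(num)}" = ""]?continue)
 same => n,Set(DB(whitelist/${CALLERID(num)})=${STRFTIME(${EPOCH},,%Y-%m-%d)})

 same => n(continue),Return()
 same => n(reject),Hangup()
```

The whitelist key is the presented caller ID, so it spares repeat callers the prompt but does not authenticate them. Entries can be reviewed from the Asterisk CLI with `database show whitelist`.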

I will take a look at that. Is there no way to set up inbound routes so that the bad one gets trapped while letting the others through?