Wednesday, March 4, 2015

Are Robo-calls tying up your IP codecs?

Many ACCESS and BRIC-Link users set their codecs to accept incoming SIP calls, which is required for the the system to be compatible with apps like LinPhone and WebRTC. But a side effect of opening these ports is that they will also answer calls from other SIP-based sources.

We are finding an increasing number of SIP-based "probes" or robo-callers, attempting to make connections with random IP addresses. When one of these hits your codec, it will attempt to answer the call. This typically results in a "hang" condition of the codec until the bad-call timer runs out, defaulted at 60 seconds. This is annoying but not usually a major concern.

Until recently, when we've started seeing a persistence of these dialers to hang on to a codec. When the codec disconnects, the dialer reconnects, resulting in a Denial-of-Service like condition. The user generally needs to reboot his system (maybe a couple of times) for the call to completely clear.

So we took a look at the incoming parameters of these calls to see if there was some way to reject them out-of-hand. And we found a series of "user agents" (the name of the software used to make the call) that were common among these calls.

We now have a beta-level version of firmware for ACCESS and BRIC-Link that adds a "blacklist" which defaults to the three most common user agents we have found in these dialers.  The list can be expanded by the user. If you're experiencing incoming SIP calls on your codecs that tie up your system, ask our support department about an upgrade.  You can reach them at techies@comrex.com.

Edit 3/17/15: Firmware 3.0p6, available at our support page for all models, has this fix. And our UML295s are in stock.

6 comments:

  1. Is there a way we can log attempts to make SIP calls to our Accesses? I have seen the occasional attempt but nothing too often...but now I'm nervous. Once you're on the spammers' radar you NEVER get off it. I feel I'll be asking for that upgrade eventually...it's a matter of when, not if.

    ReplyDelete
  2. Unfortunately we don't support the user establishing a SIP trace (although we can do it from the factory or you could do it externally). But it's not a cause for panic. You can always enable/disable SIP capability as needed, and you do get the source IP info of an incoming call, which allows you to block in on your firewall. We'll be updating our blacklist info if things change as well.

    ReplyDelete
    Replies
    1. Hello Tom,
      Is there an update available? We have the latest version Firmware inplace with the blacklist activated. Recently we started having these robocalls again. Do these guys have a new protocol?
      Thanx, Steven
      RTV Rijnmond, Netherlands

      Delete
  3. One more tip: If you use SIP smartphone apps like LinPhone, you can configure both the app and the codec to connect on a port other than 5060. With 5060 closed on your codec, these dialers will give up right away.

    ReplyDelete
  4. WATD 959FM love the Bric link just not these BOTS I watch them for the last two days on off on off making it hard for any remotes ! Ive reported the IP and email them to please stop! then in the system status window i see "standard RPT " ive i have it not enabled now and so far we are clear and testing from cell phones clear ready to go! maybe this will help you WATD Larry

    ReplyDelete
  5. Getting deeply involved in an MLM home based free business calls for qualities other than sound financial attributes. Bear in mind that the money you will be putting up for network marketing will not work wonders on its own.

    ReplyDelete