cancel
Showing results for 
Search instead for 
Did you mean: 

VoIP botnets

peterclough
Newbie
Posts: 3
Registered: ‎07-11-2017

VoIP botnets

How can I configure my new Plusnet (Hub One) router to stop bot calls from 1000, 1003, etc. numbers - I'm getting at least 20 /day. All the research I've done tells me I can change router settings and IP addresses to stop this but to what?  I'm using an Android smartphone with a Freedompop sim.  All other comms are fine but these annoying dead numbers are just probing my network.  I had no problem with the old technicolor router.  Call blockers from the playstore do not work.

5 REPLIES 5
MisterW
Superuser
Superuser
Posts: 14,575
Thanks: 5,411
Fixes: 385
Registered: ‎30-07-2007

Re: VoIP botnets

The BT Home hub 5 ( of which the Hub one is a clone ) has a major flaw. https://thecomputerperson.wordpress.com/2015/04/03/bt-home-hub-5b-5-b-and-the-sip-flaw/ If you have an active SIP connection using SRC & DEST ports of 5060 ( the normal SIP port ) then it will open port 5060 to incoming traffic from anywhere. You MAY be able to prevent it IF you can change the SRC port on your smartphone SIP connection to something other than 5060. Obviously you can't change the DST port as that will be fixed for the SIP server you are using.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

peterclough
Newbie
Posts: 3
Registered: ‎07-11-2017

Re: VoIP botnets

Thanks for that quick reply MisterW.  I'll give it a try and let you know if it works.  It looks like it may be a flaw in the original router setup.  

peterclough
Newbie
Posts: 3
Registered: ‎07-11-2017

Re: VoIP botnets

Got an app Net Swiss Tools which scanned my phone and when I type in port 5060 it states its closed.  Is there a firmware fix from Plusnet available for the Hub One router?  Or do I need a different router?

MisterW
Superuser
Superuser
Posts: 14,575
Thanks: 5,411
Fixes: 385
Registered: ‎30-07-2007

Re: VoIP botnets

AFAIK there is no fix for the Hub One router, or the BT HH 5 on which it's based

TBH a lot of routers have problems with SIP(voip) traffic. Many have what's known as a SIP ALG(Application Layer Gateway) which attempts to help route incoming SIP traffic. Unfortunately many of the implementations are 'broken' and I suspect the HH5 is one of those. On some routers you can disable the ALG but you can't on the HH5.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

wisty
Pro
Posts: 591
Thanks: 112
Fixes: 8
Registered: ‎30-07-2007

Re: VoIP botnets

I had this problem a couple of years ago with a SIPGate VOIP account.

Sipgate gave me a pointer to their help page on this problem. It may be of use

http://basichelp.sipgate.co.uk/hc/en-gb/articles/204424011-Receiving-Direct-IP-SPIT-Calls-from-numbe...

In my case it was not a router change that was needed. I changed the ATA settings to disallow direct IP calls, and (my "phone" is an OBI ATA) used its facility to only allow inbound calls from the  VOIP providers ID. That solved the problem completely for me.

What app are you using on the Android phone to connect to the VOIP provider? There may be something in it's settings that will allow you to switch the inbound port to something else and possibly disallow direct IP calls.