Sunday, January 21, 2018

SPIT calls on GXV3000 (updated)

SPIT stands for Spam over Internet Telephony.

Out there exists a lot of evil people that do bad things, SPIT is one of this bad things.
It can be very annoying. Here some notes about to get rid of these calls on the Grandstream GXV3000 phones.

What is SPIT ?

SPIT is the way some people, using some kind of automatic appliance, scan internet for valid VoIP phone numbers and then start to call those numbers.
There are different reasons why somebody wants to do that.
For example to gain access to ill-configured networks or just place a real call if a number appears to answering the calls in order to place some spam messages or try to infect computers that can be used for other purposes.

How I can detect a SPIT ?

If you have a VoIP phone, the first thing to notice is a series of calls coming from strange numbers.
Typically 1001 but many uses also a sequence of numbers, like 10041, 10043, 10045.
The calls are continuing, often for hours and for the most time answering is useless, nothing is said, no noise.
It is possible (some have reported) that after a number of answering a spam message is sent.

How I can fight SPIT ?

That is the complicate part.
It depends about the capabilities of the router or VoIP phone and what providers you are using.
Some phones have the capability to reject calls not fully formed or coming from a direct IP.
If so it can help to enable those blocks, but then is better to check to be able to receive legitimate calls.
It is important to understand that EVERY VoIP provider can be affected by this and often the provider itself are not involved.
Spammers or criminals simply scan providers domains for every possible number/combination, so it is really matter of time rather than possibilities.

The GXV3000

Years ago I did set up a VoIP telephony network using a bunch of GXV 3000 from Grandstream.
Important ! The GXV3000 is obsolete. Still possible to buy one on Ebay but is not anymore supported by Grandstream !!!

Few years ago some of these phones started to be attacked by a SPIT occurrences.
Unfortunately all the affected phones were outside my physical reach so I was unable to run some diagnostic ... this until few days ago.
Few days ago also my phones started to be affected so I was finally able to run some tests and diagnostics.

I was able to determine that the SPIT calls were using my Sip2Sip account, but is important to remember that the provider usually is not involved.
I did see the calls coming with the Sip2Sip information but looking at the Sip2Sip server nothing was showing up.
However disabling the Sip2Sip account on the phone did stop the incoming calls.

After some searches I found a possible workaround.
The GXV 3000 has the possibility to reject anonymous calls and calls with improper User ID.

After selecting these two parameters the SPIT calls so far ended.

I suspect that finally the SIP scanning on the Sip2Sip users did catch my number and it started to be called.
In the next weeks I will be monitoring the two phones I modified to see if the SPIT calls are coming back.


Feb 2018

Applied the setting on other phones, however it seems only the latest firmware for the GXV3000 ( handle correctly the settings.
On older firmware phones, there is only the anonymous call rejection and this is not enough to prevent the fake calls to come in.
So unless the phone is updated to the latest firmware the modifications above will NOT work and SPIT calls will continue to arrive.



No comments:

Post a Comment