FreecoNet: Who invigilates VoIP networks? 26.03.2009
Specialists from FreecoNet SA technical department have recently noted cases of deaf phone calls to users of VoIP telephony. After solid analysis it has occurred that this phenomena is a result of Internet scanning which is being executed from one constant IP address.
„One of our users has recently complained about several deaf phone calls, which are being especially troublesome at night. What is more those connections were not stated in detailed billings of incoming calls, those connection were even not intercepted by our VoIP platform. The prosecuted analysis brought amazing results – those connections came from one unique IP address and were directed to randomly chosen Internet users that use VoIP telephony. We have reached the company which name was allegedly used inabove mentiond calls identifications. However this company refused being responsible and informed us that they have asked the owner of the IP address computer, from which the “scanning” is being executed to identify and explain the whole situation” - says Łukasz Ratajczyk, FreecoNet SA technical director.
In practice it seems that, from IP number: 69.197.156.250 there are generated SIP packets to different, randomly chosen IP numbers. If this particular IP number is connected to any VoIP device (gateway or IP phone) – the connection is established and the SIP packets sender receives information containing detailed information about e.g. the type of used VoIP device. Those connections are invisible in the incoming calls billing due to the fact that those connections are not directed to the particular number but instead on IP number and by this means they omit the VoIP platform as well.
FreecoNet specialists advise to make a minor amends in VoIP devices configuration. If somebody uses router the best solution is to block the possibility to connect with: 69.197.156.250 IP number in firewall preferences. In case of VoIP gateways they suggest to change the automatically set UDP port from 5060 to 5070. As a result it should case that server which executes those connection would not reach our gateway or IP phone.
