port scanning call after switching cable company, pls help

Here you can post your own working configurations of hardware or software to share with other users who may be using the same device!
Fongo recommends Fongo Home Phone for a fully supported Home Phone system for only $4.95/mo
Forum rules
DISCLAIMER
This forum is for those users who have already purchased a configuration file with the SIP settings needed to configure any SIP compatible device.

1. Please use this forum only as a means to share your configuration advice and guides for ATA devices and SIP clients that you are using with our service.
2. For any questions relating to device configuration, please use the other forum sections or post your question directly in the device topic that your question is meant for.
3. Please title your topics with only the name and model of your device so users can easily find the information they need.
4. Preferable format for posting here is compressing your screenshots of your successfully configured device into a .zip file, and post a brief description of the configuration.

Please stay on topic

port scanning call after switching cable company, pls help

Postby ctm » 12/30/2018

device: obi 100\
modem: Hitron, model: CGN3ACSMR
OS: windows 10 pro, 64-bit

I just switched from Teksavvy to Rogers today, and get those annoying port scanning calls again. I plugged the cable into the modem directly instead of the router (I used the TP-LINK Archer 3200 router before with teksavvy). Couple of years ago I had the same problem, and someone directed me to some obi setup files here or somewhere online to set up the obi and fixed the problem. I don't know if the setup guide has been updated and where I could find and download the guide?

do i have to go through the router with the setup guide or i could connect directly through modem? because I had some issues with router, which shared the same local ip as the modem 192.168.0.1, i could not even login the router now, tried 192.168.1.1 or tplinkwifi.net, neither worked, but when i connected router to modem the wifi of the router still works.

your help is greatly appreciated.
ctm
Quiet One
 
Posts: 37
Joined: 05/16/2014
SIP Device Name: obi100
Firmware Version: 1.3.0.2815
ISP Name: teksavvy cable 25/2
Computer OS: windows 7

Re: port scanning call after switching cable company, pls he

Postby Liptonbrisk » 12/30/2018

ctm wrote:modem: Hitron, model: CGN3ACSMR


I hope you've disabled SIP ALG in that. If you need help, refer to page 4, Step E from this PDF guide: viewtopic.php?f=15&t=18805#p73839.


I just switched from Teksavvy to Rogers today, and get those annoying port scanning calls again. I plugged the cable into the modem directly instead of the router


That is the problem. At default settings, the CGN3ACSMR's firewall, won't be as effective as your TP-LINK at blocking unwanted traffic. And if you happen to be running the CGN3ACSMR in bridge mode, you're leaving yourself completely at risk.

because I had some issues with router, which shared the same local ip as the modem 192.168.0.1


Login to your router. Navigate to Advanced-->Network-->LAN. Change the LAN IP to something else.

someone directed me to some obi setup files here or somewhere online



Click http://forums.redflagdeals.com/newegg-o ... #p28508673.

Having problems with SIP Scanners? Is your phone ringing constantly with caller ids that appear as 1001, 999, etc. Bots/crackers/scammers are looking (scanning ports) for ways to break into your services and devices.


1. Are you port forwarding from the router to the ATA or using DMZ? Let's not do that unless you have no other choice. Disable any port forwarding in the router to the ATA, especially UDP port 5060. If you find disabling port forwarding creates 1-way audio issues (or other weird problems), try disabling SIP ALG in your router.

2. If you used the OBitalk web portal to configure your ATA, you need to continue using http://www.obitalk.com for now. Enter the expert menu (advanced configuration; it's an "E" icon). Otherwise, dial ***1, and enter the IP you're told into your web browser.

If you used the Obitalk web portal (http://www.obitalk.com) to configure your ATA, keep in mind that you must continue using it to configure your ATA. Otherwise whatever settings you change will eventually be overwritten by what you previously entered at obitalk.com anyway. If you wish to disable this behaviour, dial ***1. Enter that IP address into a web browser. Navigate to System Management-->OBiTalk Provisioning-->select Disabled for the method. Save. Reboot ATA. Now obitalk.com won't overwrite whatever changes you make via the device's interface (via IP address).

Pick one method (obitalk.com) or the other (IP address of device) for changing device settings. But do not use both methods. Keep in mind that activating Google Voice requires using the Obitalk.com web portal.

3. Navigate to Voice Services-->SP(service you're using) Service-->X_UserAgentPort
Change this to something between 30000 and 60000

(In the Obitalk.com Portal, uncheck both device default and obitalk settings boxes to enter in your own settings).

(Submit/save and reboot ATA)

For OBi100 and OBi110

4. Create a white list of authorized IP addresses of the SIP servers you're using (and want to connect with your OBi ATA):
Service Providers>ITSP Profile (service you're using) >SIP>X_AccessList (enter valid SIP server IP addresses).

voip.freephoneline.ca is 208.65.240.44, for example.
voip2.freephoneline.ca is 162.213.111.22
voip4.freephoneline.ca is 162.213.111.21


Separate SIP server IP addresses that you use with this ITSP Service profile with commas in X_AccessList. Basically, you need to know what the IP addresses are of the SIP servers you're using for this particular VoIP service (and not for every single VoIP provider you use in general) on this particular ITSP Profile.

Note that if you do step 4, Fongo Mobile calls to your Freephoneline phone number may be dropped straight to voicemail.
Fongo Mobile calls to Freephoneline phone numbers are SIP URI calls.

Also, it's possible that freephoneline will eventually change the IP addresses of voip.freephoneline.ca, voip2.freephoneline.ca, and voip4.freephoneline.ca:6060. In turn, you'd then have to change these IP addresses in your ATA again.


(submit/save and reboot ATA)


5. Stick/Add {>('yourauthusernamegoeshere'):ph} in your inbound call route. Voice Services-->SP(service you're using)-->X_InboundCallRoute
Use Oleg's method: http://www.obitalk.com/forum/index.php?topic=5467.0 (step 4 from that link)

If you don't know what yourauthusername is, login at https://www.freephoneline.ca/showSipSettings. It's your SIP Username.

Here's an example of what an X_InboundCallRoute might look like with that part added:

{(MTelemarketers):},{>('yourauthusernamegoeshere'):ph}


The first section can be whatever you currently have in X_InboundCallRoute. The bolded part is what you need to add.

(submit/save and reboot ATA)

The combination of steps 4 and 5 will stop sip scanner calls completely. But nothing beats a good firewall.
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/en-us/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at viewforum.php?f=15.
User avatar
Liptonbrisk
Technical Support
 
Posts: 2764
Joined: 04/26/2010
SIP Device Name: Obihai 202/2182, Groundwire
Firmware Version: various
ISP Name: FTTH
Computer OS: Windows 64 bit
Router: Asuswrt-Merlin & others

Re: port scanning call after switching cable company, pls he

Postby Liptonbrisk » 12/30/2018

(Generic info)
Typically, for VoIP SIP services, especially for freephoneline, you want

1) a router that does not have a full cone NAT,

Visit https://www.think-like-a-computer.com/2 ... es-of-nat/.
Mango from the Obitalk.com forums writes,
“Use a restricted cone NAT router, and do not use port forwarding or DMZ. Restricted cone NAT will only permit
inbound traffic from the service provider you're registered to. If you have a full cone NAT router, it will allow traffic
from any source. This is probably not what you intend.
If you have a Windows computer, you can test your router using the utility here:
http://www.dslreports.com/forum/remark,22292023. To run it, use stun stun.ekiga.net from a command prompt.”
Essentially, you download the stun-test.zip file; extract the stun.exe file from within the zip file to an easily
accessible location; use an elevated command prompt (visit
http://www.thewindowsclub.com/how-to-ru ... inistrator); change directory (cd) to the
directory or location where you extracted stun.exe (visit
http://www.digitalcitizen.life/command- ... c-commands); and type “stun stun.ekiga.net” without
the quotation marks followed by the enter/return button on your keyboard.
Asus routers, at the time of this writing, produce port restricted cone NAT routers, for example and are fine,
provided you’re using one with Asuswrt-Merlin, third party firmware installed.

2) a router that lets you disable SIP ALG if it's buggy,

To understand why SIP ALG often causes horrible problems, please visit
http://www.voip-info.org/wiki/view/Routers+SIP+ALG (scroll down to the section on SIP ALG problems).

If you're dealing with a modem/router combo issued by an ISP or a router with SIP ALG forced on, you may have
to use voip4.freephoneline.ca:6060 for the Proxy Server. The purpose of voip4.freephoneline.ca:6060 is to circumvent
faulty SIP ALG features in routers.

3) a router that allows you to set QoS or assign highest priority to your ATA or IP Phone over all other devices on your LAN (local area network),

For a very general description of what QoS can do for you, visit https://www.voipmechanic.com/qos-for-voip.htm.
The basic idea is if you're torrenting or have a bunch of other computers, smartphones, tablets, etc. downloading and uploading (hogging all your available bandwidth), you don't want
your ATA not to have access to enough bandwidth to make or receive calls properly. So QoS or a Bandwidth Monitor feature (which is just another form of QoS) is a really good idea for VoIP users.

I often get an occasional relative complaining to me, "Hey my calls sound choppy." And then when I go visit, some kids are playing MMOs on a computer, while another person is downloading a huge file,
and another person is backing up files to a cloud service all at the same time someone else is trying to talk on the phone. All those devices, without QoS enabled, are fighting over available bandwidth along with the ATA.

and 4) A router that lets you adjust both Unreplied and Assured UDP timeouts.

Thanks to Mango, many of us now understand that in order for ATAs to remain registered and working properly with a VoIP SIP provider like Freephoneline, in particular after power failures, the following conditions must be met:

UDP Unreplied Timeout (in your router) < NAT Keep-alive Interval (in your ATA; for Obihai ATAs this is X_KeepAliveExpires) < UDP Assured Timeout (in your router) < SIP Registration Failure Retry Wait Time (or RegisterRetryInterval in Obihai ATAs)

“<“ means less than.

When a modem leases a new IP address, a problem can arise where prior associations using the old IP address are maintained in the router. When the ATA attempts to communicate using the old IP address, the response is unreplied, and then if the UDP Unreplied timeout is greater than the Keep Alive Interval (and UDP Unreplied timeout is often set to 30 by default in consumer routers) a problem arises where the corrupted connection persists. If UDP Unreplied timeout is, for example, 10, and the NAT Keep Alive Interval is 20, then the corrupted connection will timeout or close. A new connection will be created, and everything will work fine.

Another problem can occur when the Keep-Alive interval is greater than UDP Assured Timeout (often 180 by default in consumer routers): the NAT hole will close due to the ATA not communicating frequently enough with the SIP server. In turn, incoming calls may, intermittently, not reach the ATA. Again, X_Keepalives expires is supposed to be 20 with FPL.

(the above settings are making reference to those in Obihai ATAs)

Getting access to both UDP Unreplied Timeout and UDP Assured Timeout settings in consumer routers may be difficult, if not impossible. Asuswrt-Merlin (I would avoid any model below/less powerful than an RT-AC68U), third party firmware for Asus routers, does offer easy access to these two settings, which are found under General–>Tools-->Other settings. My understanding is that third party Tomato firmware has these two settings as well. So if your router supports Tomato firmware, that may be another option. Note that I will not be held accountable any damage resulting from failed firmware updates. Apparently, Mikrotik routers also allow users to change both Assured and Unreplied UDP timeout settings as well: https://forums.redflagdeals.com/recomme ... 2115672/2/

The keep alive interval for FPL is 20. The SIP Registration Failure Retry Wait Time is 120. I use 10 for UDP Unreplied Timeout and 117 for UDP Assured Timeout.



ISPs do not issue customers routers that can do all four things I just listed. Typically it's far better to have your own router with strong QoS functions and a restricted cone NAT firewall,
disable whatever SIP ALG feature is enabled in the router, and stick whatever modem/router combo your ISP gives you into bridge mode. For Bell Hubs, visit http://forums.redflagdeals.com/please-s ... r-1993629/. For Rogers, visit https://www.rogers.com/customer/support ... ridgemodem.
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/en-us/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at viewforum.php?f=15.
User avatar
Liptonbrisk
Technical Support
 
Posts: 2764
Joined: 04/26/2010
SIP Device Name: Obihai 202/2182, Groundwire
Firmware Version: various
ISP Name: FTTH
Computer OS: Windows 64 bit
Router: Asuswrt-Merlin & others

Re: port scanning call after switching cable company, pls he

Postby ctm » 12/31/2018

thank you very much for your detailed help. somehow I could not login to my router, tried 192.168.0.1 and 1.1 and tplinkwifi.net, came an error page, showing "router not in the network", but what's weird is, I plugged the router into the modem, i could still use the wifi on router. And when I plug the obi100 back to the router, no more port scanning calls and worked just like before.

so for now, i just left the obi100 plugging in the router, but i don't feel very comfortable since i could not login the router. need google some solution for this.

again, thank you very much for the prompt help.

Happy New Year.
ctm
Quiet One
 
Posts: 37
Joined: 05/16/2014
SIP Device Name: obi100
Firmware Version: 1.3.0.2815
ISP Name: teksavvy cable 25/2
Computer OS: windows 7

Re: port scanning call after switching cable company, pls he

Postby Liptonbrisk » 12/31/2018

ctm wrote:thank you very much for your detailed help. somehow I could not login to my router, tried 192.168.0.1 and 1.1 and tplinkwifi.net, came an error page, showing "router not in the network"




1. Just attach the TP-Link directly to your PC using an ethernet cable, and then modify the TP-Link's IP. Login to your TP-Link router. Navigate to Advanced-->Network-->LAN. Change the LAN IP to something else, such as 192.168.2.1
Don't connect to the CGN3ACSMR at all during this time.

2. Reconnect to the CGN3ACSMR. Stick it in bridge mode: https://www.rogers.com/customer/support ... ridgemodem. By the way, that's not just a modem. It's a modem/router combo or gateway.

3. Attach TP-LINK to CGN3ACSMR. Attach ATA to TP-Link. Connect to TP-Link Wi-Fi on a computer.

Afterwards, you should be able to login to the TP-Link again using the new IP (192.168.2.1)

Even if you don't do anything with your TP-Link router, following the instructions I posted for the ATA will also stop SIP scanners and should be done anyway. In particular at least do these steps for your ATA:

A. Navigate to Voice Services-->SP(service you're using) Service-->X_UserAgentPort
Change this to something between 30000 and 60000

B. Stick/Add {>('yourauthusernamegoeshere'):ph} in your inbound call route. Voice Services-->SP(service you're using)-->X_InboundCallRoute
Use Oleg's method: http://www.obitalk.com/forum/index.php?topic=5467.0 (step 4 from that link)

If you don't know what yourauthusername is, login at https://www.freephoneline.ca/showSipSettings. It's your SIP Username.

Here's an example of what an X_InboundCallRoute might look like with that part added:

{(MTelemarketers):},{>('yourauthusernamegoeshere'):ph}


The first section can be whatever you currently have in X_InboundCallRoute (that doesn’t have ph in it). The bolded part is what you need to add (replace whatever you currently have for ph with the bolded section).

(submit/save and reboot ATA)
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/en-us/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at viewforum.php?f=15.
User avatar
Liptonbrisk
Technical Support
 
Posts: 2764
Joined: 04/26/2010
SIP Device Name: Obihai 202/2182, Groundwire
Firmware Version: various
ISP Name: FTTH
Computer OS: Windows 64 bit
Router: Asuswrt-Merlin & others

Re: port scanning call after switching cable company, pls he

Postby ctm » 12/31/2018

thank you so much for your very detailed help, Liptonbrisk. I honestly didn't expect get any response before 2019. will follow the steps try to fix the problem in 2019. :)

wish you a wonderful 2019.
ctm
Quiet One
 
Posts: 37
Joined: 05/16/2014
SIP Device Name: obi100
Firmware Version: 1.3.0.2815
ISP Name: teksavvy cable 25/2
Computer OS: windows 7

Re: port scanning call after switching cable company, pls he

Postby Liptonbrisk » 01/02/2019

ctm wrote:
wish you a wonderful 2019.


Happy New Year!
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/en-us/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at viewforum.php?f=15.
User avatar
Liptonbrisk
Technical Support
 
Posts: 2764
Joined: 04/26/2010
SIP Device Name: Obihai 202/2182, Groundwire
Firmware Version: various
ISP Name: FTTH
Computer OS: Windows 64 bit
Router: Asuswrt-Merlin & others


Return to Device Configuration Sharing

Who is online

Users browsing this forum: Google [Bot] and 24 guests