The Phone is Ringing

Posted Saturday, December 12, 2009, at 12:25AM by e;

Breaking with today's trends, Kathy and I have a home phone. It's not something that we really ever use and it's probably a waste of money to have it, but it's just a few dollars a month and was an easier option than deciding that the building call box would ring to my cell phone.

Seeing how much I love over-designed and half-implemented solutions, it shouldn't surprise that this phone is a VoIP handset that connects to an Asterisk server and an Adhearsion dial plan app.

What is a surprise is that over the last 24 hours, the phone's been ringing at the oddest hours.

In fact, it rang at 2:21am, 4:57am, 6:01am, 7:15am and 8:36pm. Instead of a caller ID number, the handset shows "sip" and "asterisk."

The last bit is the key that these aren't just wrong numbers or robo-calls. Instead, they are calls coming in via direct SIP connections to the Asterisk server.

Frankly, I hadn't even considered that a possibility. Who randomly dials IP addresses looking for phone systems?

The first connection arrived via 66.117.50.225, an IP address in Virginia. Three calls were placed, trying to ring "extensions" of 00442086371406, 0442086371406 and 000442086371406.

The second came via 113.105.152.104 and 113.105.152.103, both IPs in China. They attempted to dial 003318288029, 00033182880295 and 033182880295.

The third came via 89.37.11.12, an IP in Romania. Again, three calls, this time to 00442073942500, 0442073942500 and 000442073942500.

What to make of these? Apparently, there are people / scripts out there war-dialing IPs looking for asterisk installs that are mis-configured to allow arbitrary connections to dial out. They're hoping to use these installs to place international calls.

My setup isn't one of those, though it probably shouldn't be allowing random IPs to connect, either. Perhaps it's time to button that up.

For now, though, I'm just curious what would be there if I actually answered one of those calls.

Comments —

Dave writes:

For now, though, I'm just curious what would be there if I actually answered one of those calls....

Well in my experiance of this IP calling me would be there nothing, no answer or any noise when i answered the call from this IP upon searching it in google brought me here.

Calling this IP back i just got the welcome to asterisk

# on Jan.01.2010 AT 02:06 PM

Dave writes:

Seems they keep coming

195.205.173.2 89.96.28.101 203.211.131.211

All at the same time with same CLID 7+ Calls

# on Jan.08.2010 AT 04:59 PM

David (Australia) writes:

I'm getting 113.105.152.103 and 104 as well as 210.3.231.122, 211.100.41.168, 117.34.72.42, 91.83.48.220

# on Jan.16.2010 AT 01:32 PM

Jeff Phillips writes:

I just got a couple of calls from 113.105.152.103 to the extension 033182880295 as well. What are these people doing this for? Since they were unsuccessful in finding a box configured to allow them to dial out, are they going to keep messing with my server or are they just going to move on to the next one?

# on Feb.07.2010 AT 09:20 AM

kda406 writes:

I ran into this as well from 113.105.152.104 103 and 102. Here is the solution I found: http://forums.digium.com/viewtopic.php?f=1&t=73079&sid=45abb6f79f3ca9c5582913d752611041

I hope this helps anybody experiencing this problem.

# on Feb.10.2010 AT 12:06 PM

e; writes:

Thanks kda... That's a good link. Both allowguest=no and the firewalling seem useful. Personally, I took the "maybe if I just ignore it, it will go away" approach, but I don't think that one has very good long-term prospects.

# on Feb.11.2010 AT 11:19 PM