Extensions accessing internet - why?

Discussion in '3CX Phone System - General' started by cfive, May 31, 2011.

Thread Status:
Not open for further replies.
  1. cfive

    cfive Member

    Joined:
    Aug 20, 2009
    Messages:
    284
    Likes Received:
    6
    Since upgrading to V10, extensions are attempting to access IP 38.126.9.134 on port 80. Why?

    3CX is using a patton gateway, connected to PSTN phone lines. I don't understand what is happening.

    Thanks - Les.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. multi1

    Joined:
    Jan 27, 2009
    Messages:
    15
    Likes Received:
    0
    what phones r u using ?
     
  3. cfive

    cfive Member

    Joined:
    Aug 20, 2009
    Messages:
    284
    Likes Received:
    6
    The phones are Polycom 330 and 550's.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. davidbenwell

    davidbenwell Active Member

    Joined:
    Apr 27, 2010
    Messages:
    704
    Likes Received:
    0
    do you deal in any business with idealhosting.com?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cfive

    cfive Member

    Joined:
    Aug 20, 2009
    Messages:
    284
    Likes Received:
    6
    Not to my knowledge, but in any case why would the handsets be trying to get there? I did look up the IP ;-), it means nothing to me. I spotted the connections on my firewall logging, and have blocked them.

    But, WHY? Didn't happen with v9, which in my mind makes it a v10 thing.

    Asking c.root-servers.net for 134.9.126.38.in-addr.arpa PTR record:
    c.root-servers.net says to go to auth1.dns.cogentco.com. (zone: 38.in-addr.arpa.)
    Asking auth1.dns.cogentco.com. for 134.9.126.38.in-addr.arpa PTR record: Got CNAME referral (with no NS) to f.root-servers.net (zone 38.126.9.134.strong.net.) [from 66.28.0.14]
    Asking f.root-servers.net for 38.126.9.134.strong.net. PTR record:
    f.root-servers.net [192.5.5.241] says to go to i.gtld-servers.net. (zone: net.)
    Asking i.gtld-servers.net. for 38.126.9.134.strong.net. PTR record:
    i.gtld-servers.net [192.43.172.30] says to go to ns2.idealhosting.com. (zone: strong.net.)
    Asking ns2.idealhosting.com. for 38.126.9.134.strong.net. PTR record: Reports idealhosting.com. [from 38.126.9.131]
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Vali_3CX

    Vali_3CX Well-Known Member
    Staff Member 3CX Support

    Joined:
    Dec 12, 2008
    Messages:
    1,502
    Likes Received:
    69
    Hi Lee
    It's weird... Have you tried as extensions another kind of phone - say 3CXPhone, xLite, Grandstream?
    Regards
    vali
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,129
    Likes Received:
    153
    This is definitely not a 3CX thing. Cannot be because of v10 nor of 3CX. You just did not see this problem before. How can we tell your phones to connect to a public ip that has no sense to us?

    Check the provisioning templates if you use provisioning to see whether you hardcoded some sort of address in there.

    Maybe you have some virus or something. I have seen stuff like this - people uploading firmwares of phones from untrusted sources that do this crazy stuff.

    This is all I can think of. Rogue firmware applied to the phone. What else can tell the phone to contact a public webserver on the internet?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. cfive

    cfive Member

    Joined:
    Aug 20, 2009
    Messages:
    284
    Likes Received:
    6
    The 3cx phone doesn't attempt a connection, it's only the Polycoms.

    I would have seen it with v9 if it existed, as it's the same firewall with no configuration changes that is logging the attempts.

    The provisioning files came with v10, I never modified them. I've searched all of the .xml's for references to the URL and/or IP, nothing found.

    I have factory reset the phones and reprovisioned, but no change.

    I do have the firewall set to deny the connections (but log them), so it's not critical - only a mystery ;-).
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,129
    Likes Received:
    153
    But I can assure you that the phones are never configured to access the internet. Also there is no reason why we would do this or how we would not have noticed this in the first place.

    We want them to access the 3CX Phone System server only.

    Send me a configuration file generated of one of the polycom phones. send it to nb@3cx.com. As is - do not modify anything in it. The configuration files are located in %allusersprofile%\3CX\Data\http\provisioning folder. Look for the file that contains your phone's mac address and send them to me.

    Also what IP are they trying to access? Could it be an online ntp server of polycom for example? i cannot see any other valid reason why polycoms should be accessing the internet unless 3CX Provisioning tells them to. Or a stun server? And 3CX Provisioning tells them to connect to the 3CX Phone System Local IP Address for 2 things - Http provisioning to get the configuration file and for registrations.

    Let me know - there should not be such an unresolved mystery in this. Also can you specify where or what on the internet they are accessing? As you know the internet is a very big place :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.