Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Grandstream phones and anti-hacking settings.

Discussion in '3CX Phone System - General' started by FGCUHank, Dec 11, 2010.

Thread Status:
Not open for further replies.
  1. FGCUHank

    FGCUHank New Member

    Joined:
    Feb 27, 2010
    Messages:
    101
    Likes Received:
    0
    Hello,

    I have a real odd one here. Been running on 3cx SP4 (fresh install) for over 72 hours. Phones are all grandstreams not using dhcp option 66 but have the provisioning URL in the phone.

    3cx is set for 3 digit extensions. I have extensions in the 200 and 300 range. (downstairs/upstaris in a soho env.)

    All was working fine up to about 9pm last night (about 72hrs). Then phones in the 200 range could not make outbound calls or extension to extension calls. Phone would register a 403 error, 3cx showed extension as registered.

    However phones in the 300 range worked fine.

    Also note inbound calls rang into any extension. 200's or 300's

    I updated to SP5 and this did continue.

    Below are logs from today from both 200 and 300 based extensions.

    Any feedback would be greatly appreciated.
    Thanks
    Hank

    Log from a 200 extension attempting a call
    12:28:16.035 [CM502001]: Source info: From: "Anonymous"<sip:anonymous@anonymous.invalid;user=phone>;tag=da5526668b1011f0<sip:8235971@192.168.1.199:5060;user=phone>
    12:28:16.035 [CM503013]: Call(4): Incoming call rejected, caller is unknown; msg=SipReq: INVITE 8235971@192.168.1.199:5060 tid=f9f3f9c358f33ee9 cseq=INVITE contact=200@192.168.1.106:5060 / 14268 from(wire)
    12:28:16.035 [CM500002]: Info on incoming INVITE:
    INVITE sip:8235971@192.168.1.199:5060;user=phone SIP/2.0
    Via: SIP/2.0/UDP 192.168.1.106:5060;branch=z9hG4bKf9f3f9c358f33ee9
    Max-Forwards: 70
    Contact: <sip:200@192.168.1.106:5060;transport=udp;user=phone>
    To: <sip:8235971@192.168.1.199:5060;user=phone>
    From: "Anonymous"<sip:anonymous@anonymous.invalid;user=phone>;tag=da5526668b1011f0
    Call-ID: 31aafc0e168ec592@192.168.1.106
    CSeq: 14268 INVITE
    Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, OPTIONS, INFO, SUBSCRIBE, UPDATE, PRACK, MESSAGE
    Proxy-Authorization: Digest username="200",realm="3CXPhoneSystem",algorithm=MD5,uri="sip:8235971@192.168.1.199:5060;user=phone",nonce="414d535c031445af67:94698afbe5765b22121a25d76a9f72fd",response="779e9ed7797574d6530150e93344d3c7"
    Supported: replaces, timer, path
    User-Agent: Grandstream GXP2000 1.1.6.46
    Content-Length: 0


    Calls from 300 based extensions

    12:34:44.176 [CM503025]: Call(8): Calling PSTNline:8235971@(Ln.10002@POTS Lines)@[Dev:sip:10002@192.168.1.202:5064;transport=udp]
    12:34:44.176 [MS210006] C:8.2:Offer provided. Connection(by pass mode): 192.168.1.141:5048(5049)
    12:34:44.145 [CM503004]: Call(8): Route 2: VoIPline:2398235971@(Ln.10004@2392839170)@[Dev:sip:5552364342@sip3.voipvoip.com:5060]
    12:34:44.145 [CM503004]: Call(8): Route 1: PSTNline:8235971@(Ln.10002@POTS Lines)@[Dev:sip:10002@192.168.1.202:5064;transport=udp,Dev:sip:10003@192.168.1.202:5066;transport=udp,Dev:sip:10001@192.168.1.202:5062;transport=udp]
    12:34:44.129 [CM503010]: Making route(s) to <sip:8235971@192.168.1.199:5060;user=phone>
    12:34:44.129 [MS210000] C:8.1:Offer received. RTP connection: 192.168.1.141:5048(5049)
    12:34:44.129 Remote SDP is set for legC:8.1
    12:34:44.129 [CM505001]: Ext.302: Device info: Device Identified: [Man: GrandStream;Mod: GXP series;Rev: General] Capabilities:[reinvite, replaces, able-no-sdp, recvonly] UserAgent: [Grandstream GXP2000 1.1.6.46] PBX contact: [sip:302@192.168.1.199:5060]
    12:34:44.129 [CM503001]: Call(8): Incoming call from Ext.302 to <sip:8235971@192.168.1.199:5060;user=phone>
    12:34:44.114 [CM500002]: Info on incoming INVITE:
    INVITE sip:8235971@192.168.1.199:5060;user=phone SIP/2.0
    Via: SIP/2.0/UDP 192.168.1.141:5060;branch=z9hG4bK3e034b690c701f32
    Max-Forwards: 70
    Contact: <sip:302@192.168.1.141:5060;transport=udp;user=phone>
    To: <sip:8235971@192.168.1.199:5060;user=phone>
    From: "Kitchen Residence"<sip:302@192.168.1.199:5060;user=phone>;tag=ede9634b2ef62030
    Call-ID: 31b30649a9e95bb8@192.168.1.141
    CSeq: 9000 INVITE
    Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, OPTIONS, INFO, SUBSCRIBE, UPDATE, PRACK, MESSAGE
    Proxy-Authorization: Digest username="302",realm="3CXPhoneSystem",algorithm=MD5,uri="sip:8235971@192.168.1.199:5060;user=phone",nonce="414d535c0314473455:74e1030c7c28cf57f5c13c5862f80c6c",response="37d2d80f6d090a5abc0ec6562966a616"
    Supported: replaces, timer, path
    User-Agent: Grandstream GXP2000 1.1.6.46
    Content-Length: 0
     
  2. FGCUHank

    FGCUHank New Member

    Joined:
    Feb 27, 2010
    Messages:
    101
    Likes Received:
    0
    Re: Grandstream Outbound and ext/ext calls stopped after 72h

    Babbling removed
     
  3. FGCUHank

    FGCUHank New Member

    Joined:
    Feb 27, 2010
    Messages:
    101
    Likes Received:
    0
    Re: Grandstream Outbound and ext/ext calls stopped after 72h

    Babbling removed
     
  4. FGCUHank

    FGCUHank New Member

    Joined:
    Feb 27, 2010
    Messages:
    101
    Likes Received:
    0
    Re: Grandstream Outbound and ext/ext calls stopped after 72h

    Babbling removed
     
  5. FGCUHank

    FGCUHank New Member

    Joined:
    Feb 27, 2010
    Messages:
    101
    Likes Received:
    0
    Re: Grandstream Outbound and ext/ext calls stopped after 72h

    Update 12/12/10

    Yesterday I stopped provisioning and manually configured the phones. Couple of changes I made on the grandstreams were:
    Setting the sip server to 192.168.1.199 not 192.168.1.199:5960
    Blanking out the Outbound Proxy
    Setting the Name to be the same as the extension.
    Set "Send Anonymous" to No. (Some of the phones had this set while others did not. Including phones that I factory reset before letting the switch provision them)

    Last night I disabled Anti-Hacking by the green barrier to 99999999 (per instruction) and blackout timeout to 0

    Boss called today and said phones were doing it again. Rolled in and found it was only 2 phones. Connected to the phone interface and found I missed 2 phones, the bosses and it just so happened to be the other phone he tested.
     
  6. FGCUHank

    FGCUHank New Member

    Joined:
    Feb 27, 2010
    Messages:
    101
    Likes Received:
    0
    Re: Grandstream Outbound and ext/ext calls stopped after 72h

    Follow up:

    Think this was a between the seat and keyboard problem. But I am still baffled how/why everything worked for 3days.

    The culprit seems to have been that some of the Grandstreams has "Send Anonymous" set to yes and others did not. No idea why as I had them all with the same config when they were attached to a *NOW server.

    Right now all the phones are manually provisioned and anti-hacking is off in 3cx. I'm going to run for a day or two like this to insure I didn't miss anything.

    From there, I'm going to take a select group of phones and set them for auto provisioning and let them upgrade their firmware from 3cx. After that I'll enable anti-hacking in 3CX again and post back.
     
  7. FGCUHank

    FGCUHank New Member

    Joined:
    Feb 27, 2010
    Messages:
    101
    Likes Received:
    0
    Re: Grandstream Outbound and ext/ext calls stopped after 72h

    Issue returned, after 24hrs.

    the user picked up his phone, was going to dial *302, got to *30 and the phone advised call not authorized.

    Connecting to the phone I find it went back into send anonymous mode.

    I see this option in the grandstreams, anyone know where I can find a list of the grandstream codes? is *30 set anonymous?
    Enable Call Features: No Yes (if yes, call features using star codes will be supported locally)


    Also, I have anti-hacking turned off (security barrier green is 99999999), blacklist was set to 1 second. Notice below the phone is being blacklisted for 334 seconds. How can this be?

    19:14:15.937 Currently active calls [none]
    19:14:11.937 Requests rate from IP 192.168.1.110 is too high! Blacklisted for 334 seconds
    19:14:11.937 [CM500002]: Unidentified incoming call. Review INVITE and adjust source identification:
    INVITE sip:8235971@192.168.1.199;user=phone SIP/2.0
    Via: SIP/2.0/UDP 192.168.1.110:5060;branch=z9hG4bK52a0f12e9f0a0de9
    Max-Forwards: 70
    Contact: <sip:206@192.168.1.110:5060;transport=udp;user=phone>
    To: <sip:8235971@192.168.1.199;user=phone>
    From: "Anonymous"<sip:anonymous@anonymous.invalid;user=phone>;tag=a21a74158810fc10
    Call-ID: 74bbc391a59d54d6@192.168.1.110
    CSeq: 33662 INVITE
    Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, OPTIONS, INFO, SUBSCRIBE, UPDATE, PRACK, MESSAGE
    Supported: replaces, timer, path
    User-Agent: Grandstream GXP2020 1.1.6.46
    Content-Length: 0

    19:14:11.937 [CM302001]: Authorization system can not identify source of: SipReq: INVITE 8235971@192.168.1.199 tid=52a0f12e9f0a0de9 cseq=INVITE contact=206@192.168.1.110:5060 / 33662 from(wire)
     
  8. FGCUHank

    FGCUHank New Member

    Joined:
    Feb 27, 2010
    Messages:
    101
    Likes Received:
    0
    Status update: been 48+ hours and no problems with these 2 grandstream phones.

    Seems to be two phones that would flip back to flip back to Send Anonymous = Yes.

    On these two phones I went in and set "Enable Call Features" to No
     
Thread Status:
Not open for further replies.