[Spce-user] Call Divert Scam
Stefano Rogna Manassero
stefano at bandablu.com
Thu Mar 11 01:25:40 EST 2021
Hello all,
I need some help to sort a problem I have recently: I receive a call from a
local number directed to a subscriber with a spa122 TA that is immediately
diverted to a 007940… I don’t understand if the call diversion is done on
spce or on the SPA. I think it’s exploiting the SPA somehow but I already
wiped the SPA, updated firmware and changed pwd of both Cisco user and
admin user as well as sip account the problem re-appeared.
Any suggestions on how to find out where the diversion is happening?
Thanks
Stefano
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:37
centrale proxy[32579]: NOTICE: <script>: New request on proxy - M=ACK
R=«sip:017499074 at 94.125.XXXXX» F=«sip:0691516096 at 213.204.xxxxx;user=phone»
T=«sip:017499074 at 94.125.XXXXX» IP=«127.0.0.1»:«5060» («127.0.0.1»:«5060»)
ID=«0e15e0000ef5-604985ef-369313ae-16affbc0-c2710a1 at 127.0.0.1» UA='<null>'
DESTIP=«127.0.0.1»:«5062»
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:40
centrale proxy[32580]: NOTICE: <script>: New request on proxy - M=INVITE
R=«sip:017499074 at 94.125.XXXXX» F=«sip:0691516096 at 213.204.xxxxx;user=phone»
T=«sip:017499074 at 94.125.XXXXX» IP=«213.204.xxxxx»:«5060»
(«127.0.0.1»:«5060») ID=«
0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
DESTIP=«127.0.0.1»:«5062»
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:40
centrale proxy[32580]: NOTICE: <script>: User-Provided CLI '«0691516096»'
taken from From-User as fallback, should be from 'pai_user' -
R=«sip:017499074 at 94.125.XXXXX» ID=«
0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:40
centrale proxy[32580]: NOTICE: <script>: Network-Provided CLI
'«0691516096»' taken from From-User as fallback, should be from 'pai_user'
- R=«sip:017499074 at 94.125.XXXXX» ID=«
0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:40
centrale proxy[32580]: NOTICE: <script>: Setting
'«0691516096»@«213.204.xxxxx»' as initiating user-provided CLI -
R=«sip:017499074 at 94.125.XXXXX» ID=«
0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:40
centrale proxy[32580]: NOTICE: <script>: Setting
'«0691516096»@«213.204.xxxxx»' as initiating network-provided CLI -
R=«sip:017499074 at 94.125.XXXXX» ID=«
0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:40
centrale proxy[32580]: NOTICE: <script>: Setting acc source-leg for uuid
'«0»':
'«0|0691516096|213.204.xxxxx|0691516096|||0|||0|call|213.204.xxxxx|1615431460.728281||||||||||||0691516096||||||8|»'
- R=«sip:017499074 at 172.16.5.235:5060» ID=«
0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:40
centrale proxy[32580]: NOTICE: <script>: Setting
caller_cli_userprov/caller_domain_userprov '«0691516096»@«d.voceblu.it»'
for upn - R=«sip:017499074 at 172.16.5.235:5060» ID=«
0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:40
centrale proxy[32580]: NOTICE: <script>: Setting From to '<«
sip:0691516096 at d.voceblu.it»>' - R=«sip:017499074 at 172.16.5.235:5060» ID=«
0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:40
centrale proxy[32584]: NOTICE: <script>: Load gws matching calling part '«
sip:0691516096 at d.voceblu.it»' and called user '«0079409078357»' and called
part '«sip:0079409078357 at d.voceblu.it;transport=udp»' - R=«
sip:0079409078357 at d.voceblu.it;transport=udp» ID=«
0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:41
centrale proxy[32584]: NOTICE: <script>: Setting
caller_cli_userprov/caller_domain_userprov '«0691516096»@«213.204.xxxxx»'
for upn - R=«sip:0079409078357 at 213.204.30.51» ID=«
0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:41
centrale proxy[32584]: NOTICE: <script>: Setting From to
'<«sip:0691516096 at 213.204.xxxxx»>' - R=«sip:0079409078357 at 213.204.30.51»
ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:41
centrale proxy[32584]: NOTICE: <script>: Setting
caller_cli_userprov/caller_domain_userprov '«0691516096»@«213.204.xxxxx»'
for upn - R=«sip:0079409078357 at 213.204.30.51» ID=«
0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:41
centrale proxy[32584]: NOTICE: <script>: Setting PAI to
'<«sip:0691516096 at 213.204.xxxxx»>' - R=«sip:0079409078357 at 213.204.30.51»
ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:41
centrale proxy[32580]: NOTICE: <script>: New request on proxy - M=ACK
R=«sip:017499074 at 94.125.XXXXX» F=«sip:0691516096 at 213.204.xxxxx;user=phone»
T=«sip:017499074 at 94.125.XXXXX» IP=«127.0.0.1»:«5060» («127.0.0.1»:«5060»)
ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='<null>'
DESTIP=«127.0.0.1»:«5062»
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32582]: NOTICE: <script>: New request on proxy - M=INVITE
R=«sip:017499074 at 94.125.XXXXX» F=«sip:0691516096 at 213.204.xxxxx;user=phone»
T=«sip:017499074 at 94.125.XXXXX» IP=«213.204.xxxxx»:«5060»
(«127.0.0.1»:«5060») ID=«
0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
DESTIP=«127.0.0.1»:«5062»
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32582]: NOTICE: <script>: User-Provided CLI '«0691516096»'
taken from From-User as fallback, should be from 'pai_user' -
R=«sip:017499074 at 94.125.XXXXX» ID=«
0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32582]: NOTICE: <script>: Network-Provided CLI
'«0691516096»' taken from From-User as fallback, should be from 'pai_user'
- R=«sip:017499074 at 94.125.XXXXX» ID=«
0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32582]: NOTICE: <script>: Setting
'«0691516096»@«213.204.xxxxx»' as initiating user-provided CLI -
R=«sip:017499074 at 94.125.XXXXX» ID=«
0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32582]: NOTICE: <script>: Setting
'«0691516096»@«213.204.xxxxx»' as initiating network-provided CLI -
R=«sip:017499074 at 94.125.XXXXX» ID=«
0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32582]: NOTICE: <script>: Setting acc source-leg for uuid
'«0»':
'«0|0691516096|213.204.xxxxx|0691516096|||0|||0|call|213.204.xxxxx|1615431463.236909||||||||||||0691516096||||||8|»'
- R=«sip:017499074 at 172.16.5.235:5060» ID=«
0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32582]: NOTICE: <script>: Setting
caller_cli_userprov/caller_domain_userprov '«0691516096»@«d.voceblu.it»'
for upn - R=«sip:017499074 at 172.16.5.235:5060» ID=«
0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32582]: NOTICE: <script>: Setting From to '<«
sip:0691516096 at d.voceblu.it»>' - R=«sip:017499074 at 172.16.5.235:5060» ID=«
0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32579]: NOTICE: <script>: Load gws matching calling part '«
sip:0691516096 at d.voceblu.it»' and called user '«0079409078357»' and called
part '«sip:0079409078357 at d.voceblu.it;transport=udp»' - R=«
sip:0079409078357 at d.voceblu.it;transport=udp» ID=«
0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32579]: NOTICE: <script>: Setting
caller_cli_userprov/caller_domain_userprov '«0691516096»@«213.204.xxxxx»'
for upn - R=«sip:0079409078357 at 213.204.30.51» ID=«
0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32579]: NOTICE: <script>: Setting From to
'<«sip:0691516096 at 213.204.xxxxx»>' - R=«sip:0079409078357 at 213.204.30.51»
ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1»
UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32579]: NOTICE: <script>: Setting
caller_cli_userprov/caller_domain_userprov '«0691516096»@«213.204.xxxxx»'
for upn - R=«sip:0079409078357 at 213.204.30.51» ID=«
0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32579]: NOTICE: <script>: Setting PAI to
'<«sip:0691516096 at 213.204.xxxxx»>' - R=«sip:0079409078357 at 213.204.30.51»
ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1»
UA='TELES-SBC'
/var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 03:57:43
centrale proxy[32580]: NOTICE: <script>: New request on proxy - M=ACK
R=«sip:017499074 at 94.125.XXXXX» F=«sip:0691516096 at 213.204.xxxxx;user=phone»
T=«sip:017499074 at 94.125.XXXXX» IP=«127.0.0.1»:«5060» («127.0.0.1»:«5060»)
ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='<null>'
DESTIP=«127.0.0.1»:«5062»
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20210310/7e6e4ac2/attachment-0001.html>
More information about the Spce-user
mailing list