[Spce-user] Call Divert Scam

Henk henkpls at hotmail.com
Sat Mar 13 03:38:01 EST 2021


Hi Stefano,

I'm not an expert, but I don't see any rewrite rules; you should convert 
numbers to E.164 as described in the manual.
Can you check what happens when you use the Call Routing Verification 
from the Tools menu?

Also if you want to know if the number 007940 comes from your device, I 
think the best way is to use a capture tool like SNGREP on the proxy.

To debug the proxy you can enable debugging with "ngcp-kamctl proxy fifo 
corex.debug 3" (standard level = 1)

If the number 007940 doesn't come from rewriting and does not enter the 
system, your file system may be hacked (/etc/kamailio).

Regards,

Henk Plessius

VoipDigit

On 11-Mar-21 07:25, Stefano Rogna Manassero via Spce-user wrote:
> Hello all,
>
> I need some help to sort a problem I have recently: I receive a call 
> from a local number directed to a subscriber with a spa122 TA that is 
> immediately diverted to a 007940… I don’t understand if the call 
> diversion is done on spce or on the SPA. I think it’s exploiting the 
> SPA somehow but I already wiped the SPA, updated firmware and changed 
> pwd of both Cisco user and admin user as well as sip account; the 
> problem re-appeared.
>
> Any suggestions on how to find out where the diversion is happening?
>
> Thanks
>
> Stefano
>
>
>
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:37 centrale proxy[32579]: NOTICE: <script>: New request on proxy 
> - M=ACK R=«sip:017499074 at 94.125.XXXXX» 
> F=«sip:0691516096 at 213.204.xxxxx;user=phone» 
> T=«sip:017499074 at 94.125.XXXXX» IP=«127.0.0.1»:«5060» 
> («127.0.0.1»:«5060») 
> ID=«0e15e0000ef5-604985ef-369313ae-16affbc0-c2710a1 at 127.0.0.1» 
> UA='<null>' DESTIP=«127.0.0.1»:«5062»
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:40 centrale proxy[32580]: NOTICE: <script>: New request on proxy 
> - M=INVITE R=«sip:017499074 at 94.125.XXXXX» 
> F=«sip:0691516096 at 213.204.xxxxx;user=phone» 
> T=«sip:017499074 at 94.125.XXXXX» IP=«213.204.xxxxx»:«5060» 
> («127.0.0.1»:«5060») 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» 
> UA='TELES-SBC' DESTIP=«127.0.0.1»:«5062»
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:40 centrale proxy[32580]: NOTICE: <script>: User-Provided CLI 
> '«0691516096»' taken from From-User as fallback, should be from 
> 'pai_user' - R=«sip:017499074 at 94.125.XXXXX» 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:40 centrale proxy[32580]: NOTICE: <script>: Network-Provided CLI 
> '«0691516096»' taken from From-User as fallback, should be from 
> 'pai_user' - R=«sip:017499074 at 94.125.XXXXX» 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:40 centrale proxy[32580]: NOTICE: <script>: Setting 
> '«0691516096»@«213.204.xxxxx»' as initiating user-provided CLI - 
> R=«sip:017499074 at 94.125.XXXXX» 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:40 centrale proxy[32580]: NOTICE: <script>: Setting 
> '«0691516096»@«213.204.xxxxx»' as initiating network-provided CLI - 
> R=«sip:017499074 at 94.125.XXXXX» 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:40 centrale proxy[32580]: NOTICE: <script>: Setting acc 
> source-leg for uuid '«0»': 
> '«0|0691516096|213.204.xxxxx|0691516096|||0|||0|call|213.204.xxxxx|1615431460.728281||||||||||||0691516096||||||8|»' 
> - R=«sip:017499074 at 172.16.5.235:5060» 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:40 centrale proxy[32580]: NOTICE: <script>: Setting 
> caller_cli_userprov/caller_domain_userprov '«0691516096»@«d.voceblu.it»' 
> for upn - R=«sip:017499074 at 172.16.5.235:5060» 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:40 centrale proxy[32580]: NOTICE: <script>: Setting From to 
> '<«sip:0691516096 at d.voceblu.it»>' - 
> R=«sip:017499074 at 172.16.5.235:5060» 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:40 centrale proxy[32584]: NOTICE: <script>: Load gws matching 
> calling part '«sip:0691516096 at d.voceblu.it»' and called user 
> '«0079409078357»' and called part 
> '«sip:0079409078357 at d.voceblu.it;transport=udp»' - 
> R=«sip:0079409078357 at d.voceblu.it;transport=udp» 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:41 centrale proxy[32584]: NOTICE: <script>: Setting 
> caller_cli_userprov/caller_domain_userprov 
> '«0691516096»@«213.204.xxxxx»' for upn - 
> R=«sip:0079409078357 at 213.204.30.51» 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:41 centrale proxy[32584]: NOTICE: <script>: Setting From to 
> '<«sip:0691516096 at 213.204.xxxxx»>' - 
> R=«sip:0079409078357 at 213.204.30.51» 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:41 centrale proxy[32584]: NOTICE: <script>: Setting 
> caller_cli_userprov/caller_domain_userprov 
> '«0691516096»@«213.204.xxxxx»' for upn - 
> R=«sip:0079409078357 at 213.204.30.51» 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:41 centrale proxy[32584]: NOTICE: <script>: Setting PAI to 
> '<«sip:0691516096 at 213.204.xxxxx»>' - 
> R=«sip:0079409078357 at 213.204.30.51» 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:41 centrale proxy[32580]: NOTICE: <script>: New request on proxy 
> - M=ACK R=«sip:017499074 at 94.125.XXXXX» 
> F=«sip:0691516096 at 213.204.xxxxx;user=phone» 
> T=«sip:017499074 at 94.125.XXXXX» IP=«127.0.0.1»:«5060» 
> («127.0.0.1»:«5060») 
> ID=«0e15e0000ef5-604985f3-7ce5df47-b5c8dd8-c2710a2 at 127.0.0.1» 
> UA='<null>' DESTIP=«127.0.0.1»:«5062»
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32582]: NOTICE: <script>: New request on proxy 
> - M=INVITE R=«sip:017499074 at 94.125.XXXXX» 
> F=«sip:0691516096 at 213.204.xxxxx;user=phone» 
> T=«sip:017499074 at 94.125.XXXXX» IP=«213.204.xxxxx»:«5060» 
> («127.0.0.1»:«5060») 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» 
> UA='TELES-SBC' DESTIP=«127.0.0.1»:«5062»
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32582]: NOTICE: <script>: User-Provided CLI 
> '«0691516096»' taken from From-User as fallback, should be from 
> 'pai_user' - R=«sip:017499074 at 94.125.XXXXX» 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32582]: NOTICE: <script>: Network-Provided CLI 
> '«0691516096»' taken from From-User as fallback, should be from 
> 'pai_user' - R=«sip:017499074 at 94.125.XXXXX» 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32582]: NOTICE: <script>: Setting 
> '«0691516096»@«213.204.xxxxx»' as initiating user-provided CLI - 
> R=«sip:017499074 at 94.125.XXXXX» 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32582]: NOTICE: <script>: Setting 
> '«0691516096»@«213.204.xxxxx»' as initiating network-provided CLI - 
> R=«sip:017499074 at 94.125.XXXXX» 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32582]: NOTICE: <script>: Setting acc 
> source-leg for uuid '«0»': 
> '«0|0691516096|213.204.xxxxx|0691516096|||0|||0|call|213.204.xxxxx|1615431463.236909||||||||||||0691516096||||||8|»' 
> - R=«sip:017499074 at 172.16.5.235:5060» 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32582]: NOTICE: <script>: Setting 
> caller_cli_userprov/caller_domain_userprov '«0691516096»@«d.voceblu.it»' 
> for upn - R=«sip:017499074 at 172.16.5.235:5060» 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32582]: NOTICE: <script>: Setting From to 
> '<«sip:0691516096 at d.voceblu.it»>' - 
> R=«sip:017499074 at 172.16.5.235:5060» 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32579]: NOTICE: <script>: Load gws matching 
> calling part '«sip:0691516096 at d.voceblu.it»' and called user 
> '«0079409078357»' and called part 
> '«sip:0079409078357 at d.voceblu.it;transport=udp»' - 
> R=«sip:0079409078357 at d.voceblu.it;transport=udp» 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32579]: NOTICE: <script>: Setting 
> caller_cli_userprov/caller_domain_userprov 
> '«0691516096»@«213.204.xxxxx»' for upn - 
> R=«sip:0079409078357 at 213.204.30.51» 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32579]: NOTICE: <script>: Setting From to 
> '<«sip:0691516096 at 213.204.xxxxx»>' - 
> R=«sip:0079409078357 at 213.204.30.51» 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32579]: NOTICE: <script>: Setting 
> caller_cli_userprov/caller_domain_userprov 
> '«0691516096»@«213.204.xxxxx»' for upn - 
> R=«sip:0079409078357 at 213.204.30.51» 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32579]: NOTICE: <script>: Setting PAI to 
> '<«sip:0691516096 at 213.204.xxxxx»>' - 
> R=«sip:0079409078357 at 213.204.30.51» 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» UA='TELES-SBC'
> /var/log/ngcp/kamailio-proxy.log-20210311-1615432621.gz:Mar 11 
> 03:57:43 centrale proxy[32580]: NOTICE: <script>: New request on proxy 
> - M=ACK R=«sip:017499074 at 94.125.XXXXX» 
> F=«sip:0691516096 at 213.204.xxxxx;user=phone» 
> T=«sip:017499074 at 94.125.XXXXX» IP=«127.0.0.1»:«5060» 
> («127.0.0.1»:«5060») 
> ID=«0e15e0000ef5-604985f5-4d89703f-27f89ec8-c2710a3 at 127.0.0.1» 
> UA='<null>' DESTIP=«127.0.0.1»:«5062»
>
>
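
One way to locate where a diversion happens from a proxy log like the one quoted above, as an added example that is not part of the original thread or of the NGCP tooling: group the lines by Call-ID and report the first line on which the request-URI user differs from the one the call arrived with. The sample lines are constructed in the format of the excerpt (placeholder hosts and Call-IDs, one undiverted call added for contrast), and the function name is hypothetical.

```python
import re

# Constructed sample in the format of the kamailio-proxy.log excerpt above.
# Hosts and Call-IDs are placeholders; call-b is a constructed, undiverted call.
SAMPLE_LOG = """\
Mar 11 03:57:40 centrale proxy[32580]: NOTICE: <script>: New request on proxy - M=INVITE R=«sip:017499074@192.0.2.10» F=«sip:0691516096@198.51.100.7;user=phone» ID=«call-a@127.0.0.1» UA='TELES-SBC'
Mar 11 03:57:40 centrale proxy[32580]: NOTICE: <script>: Setting From to '<«sip:0691516096@d.example.net»>' - R=«sip:017499074@172.16.5.235:5060» ID=«call-a@127.0.0.1» UA='TELES-SBC'
Mar 11 03:57:40 centrale proxy[32584]: NOTICE: <script>: Load gws matching calling part '«sip:0691516096@d.example.net»' and called user '«0079409078357»' - R=«sip:0079409078357@d.example.net;transport=udp» ID=«call-a@127.0.0.1» UA='TELES-SBC'
Mar 11 03:57:41 centrale proxy[32584]: NOTICE: <script>: Setting PAI to '<«sip:0691516096@198.51.100.7»>' - R=«sip:0079409078357@192.0.2.20» ID=«call-a@127.0.0.1» UA='TELES-SBC'
Mar 11 04:02:10 centrale proxy[32581]: NOTICE: <script>: New request on proxy - M=INVITE R=«sip:017499074@192.0.2.10» F=«sip:0612345678@198.51.100.7;user=phone» ID=«call-b@127.0.0.1» UA='TELES-SBC'
Mar 11 04:02:10 centrale proxy[32581]: NOTICE: <script>: Setting From to '<«sip:0612345678@d.example.net»>' - R=«sip:017499074@172.16.5.235:5060» ID=«call-b@127.0.0.1» UA='TELES-SBC'
"""

# The list archive renders "@" as " at ", so both separators are accepted.
R_USER = re.compile(r"R=«sip:([^@\s»]+)(?:@| at )")
CALL_ID = re.compile(r"ID=«([^»\s]+)")
STEP = re.compile(r"<script>: (.*?) - (?:M=|R=)")
TIME = re.compile(r"[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d")


def find_ruri_changes(log_text):
    """Per Call-ID, return the first line whose R-URI user differs from the first one seen."""
    first_user = {}  # Call-ID -> R-URI user on the first logged line of that call
    changes = {}     # Call-ID -> details of the first change only
    for line in log_text.splitlines():
        r, cid = R_USER.search(line), CALL_ID.search(line)
        if not (r and cid):
            continue  # not a per-call script line
        user, call = r.group(1), cid.group(1)
        original = first_user.setdefault(call, user)
        if user != original and call not in changes:
            step, when = STEP.search(line), TIME.search(line)
            changes[call] = {
                "original": original,
                "new": user,
                "time": when.group(0) if when else "",
                "step": step.group(1) if step else line,
            }
    return changes


if __name__ == "__main__":
    for call, c in find_ruri_changes(SAMPLE_LOG).items():
        print(f"{call}: {c['original']} -> {c['new']} at {c['time']} ({c['step'][:40]})")
```

A call whose first logged INVITE still carries the subscriber's own number in R=, with the new number first appearing at a later script step, had its request URI changed while the proxy was processing that call; the reported step and timestamp are the place to compare against a capture and the debug output.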