• Status: Solved

Troubleshooting a spoofed caller ID on an internal PBX system

I got called in on this phone issue. They have a VoIP PBX box (Positron) and SIP trunk lines.

They had put the PBX box on the DMZ and it supposedly was hacked. Now their caller ID for outgoing calls says a totally wrong phone number.

I put the PBX box behind the firewall and set port forwarding as per Positron's instructions.

Caller ID is still wrong.

Positron says it's not them and we are waiting for a call back from the SIP provider. Is it with them? Something we should be able to change by logging in to the SIP provider? Or do they need to correct it?

Or is that controlled somewhere else?
Asked by: BeGentleWithMe-INeedHelp

BeGentleWithMe-INeedHelp (Author) Commented:
Weird - the SIP provider tech support guy called me from his SIP phone on the same SIP provider's service to my cell and his call showed up as the same spoofed phone number as my client is sending out. How can it not be a problem with the SIP provider? He says the SIP phone has menus to change the outgoing caller ID info!? I thought spoofing caller ID was harder than just changing it in your phone? People would spend the work day playing games : )
 
arnold Commented:
The outgoing caller ID is easily spoofed, as it is an IE packet (must have heard of the VoIP-based providers and the calls to emergency services). The provider is the one who can and does enforce it by not allowing a call to complete when the data in this packet is not part of the company's allocated block of phone numbers.

Within your PBX, double check that the caller ID you are transmitting/setting is correct for the firm whether or not the provider passes that along.

You are correct that the issue is on the SIP provider or whoever their upstream/translating is if any.

They need to check whether they are or are not passing your PBX's IE packet.
 
BeGentleWithMe-INeedHelp (Author) Commented:
The tech support guy called his cell phone from his SIP phone and it showed the correct info. He called another cell phone on a different provider here (we are in the US, he's in Canada) and it showed the wrong caller ID also.

He puts me on hold, talks to some people and says that there's another client of theirs that is having the same problem and it's a problem with the ECOM (sp?) database here in the US and that it's out of their hands but they have a ticket in with the firm that maintains the ECOM database to fix it?

Sound like BS? Or legitimate? 2 clients and their own phone is giving out the 214 area code number. Did the provider get hacked?

Is ECOM the correct spelling? Ever hear of that? You talk of translation? When the SIP provider hands off the call to the POTS line provider, it has the caller ID packet. Then that's where the ECOM database comes into play to translate it into the wrong caller ID? So the ECOM database company got hacked?

You say the SIP provider is the one that DOES enforce (prevent) spoofing? I suppose a better word would be 'could' enforce? Any requirement by some organization / gov't department to require enforcement? I would think not because there are web services that specifically let you spoof, right?

THANKS!


This wrong caller ID for my client has been going on for 2 weeks and the SIP provider was using the fact that the PBX was in the DMZ / not locked down as the cause. The PBX vendor says the box is clean (I don't even see where I could change / edit caller ID from the PBX box).
 
Phonebuff Commented:
Well,

The information you are getting is correct. Depending on your VoIP carrier and your system's capabilities, you could be sending the wrong number, or because of billing and setup the carrier could be sending the wrong number. In fact many people look for the ability to send a given caller_id to the network when they make a call. An executive, for instance, may want the "main" number sent when they make general calls, but the direct dial number sent for family and certain specific vendors. Whereas a dispatch center may want the "main" number sent, or no number sent, for generic calls, but the operator's direct number when they call a chief officer or command post, as a call back can come directly to them and not have to be routed four times to get the call back to that operator.

Both of these are because people, specifically cell phone users, like to retain and dial back the incoming number.

For your case, rule yourselves out first by getting a Wireshark trace of some outbound calls and checking to be sure what's in the SIP header.

   http://www.wireshark.org/

   If you need it, there are a lot of good videos on YouTube to jump start you.
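
The check suggested in the answer above, as an added example that is not part of the original thread: it reads one outbound INVITE copied out of a capture and reports every caller-identity header whose number is not one of the firm's own. The set of headers inspected, the `example.test` hosts and the 555 numbers are assumptions constructed for illustration.

```python
import re

# Headers that can carry the calling number in an outbound INVITE. From is set
# by the PBX; the others are identity headers a carrier may display instead.
IDENTITY_HEADERS = {"from": "From", "f": "From",
                    "p-asserted-identity": "P-Asserted-Identity",
                    "p-preferred-identity": "P-Preferred-Identity",
                    "remote-party-id": "Remote-Party-ID"}
URI_USER = re.compile(r"(?:sips?|tel):\+?([0-9().\- ]+)", re.I)

def normalize(number):
    """Reduce a number to digits, dropping a leading NANP country code '1'."""
    digits = re.sub(r"\D", "", number)
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits

def caller_ids(sip_message):
    """Return [(header, display_name, number)] for each identity header."""
    head = sip_message.replace("\r\n", "\n").split("\n\n", 1)[0]
    head = re.sub(r"\n[ \t]+", " ", head)      # unfold continuation lines
    found = []
    for line in head.split("\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        canon = IDENTITY_HEADERS.get(name.strip().lower())
        if not sep or canon is None:
            continue
        display = value.split("<", 1)[0].strip().strip('"') if "<" in value else ""
        m = URI_USER.search(value)
        found.append((canon, display, normalize(m.group(1)) if m else None))
    return found

def audit(sip_message, owned_numbers):
    """List identity headers whose number is not one of the firm's own DIDs."""
    owned = {normalize(n) for n in owned_numbers}
    return [(h, num) for h, _, num in caller_ids(sip_message) if num not in owned]

# Constructed sample INVITE (not from a real capture).
SAMPLE_INVITE = (
    "INVITE sip:+14165550123@carrier.example.test SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    'From: "Front Desk" <sip:+16135550142@pbx.example.test>;tag=1928301774\r\n'
    "To: <sip:+14165550123@carrier.example.test>\r\n"
    'P-Asserted-Identity: "Unknown" <sip:+12145550199@pbx.example.test>\r\n'
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE_INVITE, ["+1 613 555 0142"]))
```

If the INVITE captured on the PBX's outbound side comes back clean, the number is being changed after the call leaves the site, which is the evidence to hand the SIP provider.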
