Solved

troubleshooting a spoofed caller ID on an internal PBX system

Posted on 2014-01-31
Last Modified: 2014-02-12
I got called in on this phone issue.  They have a VoIP PBX box (Positron) and SIP trunk lines.

They had put the PBX box on the DMZ and it supposedly was hacked.  Now their caller ID for outgoing calls shows a totally wrong phone number.

I put the PBX box behind the firewall and set port forwarding as per Positron's instructions.

Caller ID is still wrong.

Positron says it's not them and we are waiting for a call back from the SIP provider.  Is it with them? Something we should be able to change by logging in to the SIP provider? Or do they need to correct it?

Or is that controlled somewhere else?
Author Comment

by:BeGentleWithMe-INeedHelp
Weird - the SIP provider tech support guy called me from his SIP phone on the same SIP provider's service to my cell and his call showed up as the same spoofed phone number as my client is sending out.  How can it not be a problem with the SIP provider?  He says the SIP phone has menus to change the outgoing caller ID info!?  I thought spoofing caller ID was harder than just changing it in your phone?  People would spend the work day playing games : )
LVL 76

Assisted Solution

by:arnold
arnold earned 250 total points
The outgoing caller ID is easily spoofed, as it is an IE packet (you must have heard of the VoIP-based providers and the calls to emergency services). The provider is the one who can and does enforce it by not allowing a call to complete when the data in this packet is not part of the company's allocated block of phone numbers.

Within your PBX, double check that the caller ID you are transmitting/setting is correct for the firm whether or not the provider passes that along.

You are correct that the issue is on the SIP provider or whoever their upstream/translating is if any.

They need to check whether they are or are not passing your PBX's IE packet.

Author Comment

by:BeGentleWithMe-INeedHelp
The tech support guy called his cell phone from his SIP phone and it showed the correct info.  He called another cell phone on a different provider here (we are in the US, he's in Canada) and it showed the wrong caller ID also.

He puts me on hold, talks to some people and says that there's another client of theirs that is having the same problem and it's a problem with the ECOM (sp?) database here in the US and that it's out of their hands but they have a ticket in with the firm that maintains the ECOM database to fix it?

Sound like BS? Or legitimate?  2 clients and their own phone is giving out the 214 area code number.  Did the provider get hacked?

Is ECOM the correct spelling?  Ever hear of that?  You talk of translation?  When the SIP provider hands off the call to the POTS line provider, it has the caller ID packet.  Then that's where the ECOM database comes into play to translate it into the wrong caller ID?  So the ECOM database company got hacked?

You say the SIP provider is the one that DOES enforce (prevent) spoofing? I suppose a better word would be 'could' enforce?  Any requirement by some organization / gov't department to require enforcement? I would think not because there are web services that specifically let you spoof, right?

THANKS!


This wrong caller ID for my client has been going on for 2 weeks and the sip provider was using the fact that the PBX was in the DMZ / not locked down as the cause.  The PBX vendor says the box is clean (I don't even see where I could change / edit caller ID from the PBX box).
LVL 15

Accepted Solution

by:
Phonebuff earned 250 total points
Well,

     The information you are getting is correct.   Depending on your VoIP carrier and your system's capabilities, you could be sending the wrong number, or because of billing and setup the carrier could be sending the wrong number.   In fact many people look for the ability to send a given caller_id to the network when they make a call.  An executive, for instance, may want the "main" number sent when they make general calls, but the direct dial number sent for family and certain specific vendors.  Whereas a dispatch center may want the "Main" number sent or no number sent for generic calls, but the operator's direct number when they call a Chief officer or Command post, as a call back can come directly to them and not have to be routed four times to get the call back to that operator.

     Both of these are because people, specifically cell phone users, like to retain and dial back the incoming number.

     For your case, rule yourselves out first by getting a Wireshark trace of some outbound calls and checking to be sure what's in the SIP header.

   http://www.wireshark.org/

   If you need it, there are a lot of good videos on YouTube to jump start you.

     =======
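
The check suggested in the answer above (look at what the PBX actually puts in the SIP headers of an outbound call) can be scripted once an INVITE has been copied out of the capture. This is an added example, not part of the original thread: the function names, the sample INVITE and every number in it are constructed, and the set of headers inspected is an assumption about where a PBX commonly carries the calling number.

```python
import re

# Constructed sample: an outbound INVITE as it might be copied from a capture.
# All numbers, hosts and tags are made up for illustration.
SAMPLE_INVITE = (
    "INVITE sip:14165550123@sip.provider.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    'From: "Front Desk" <sip:12145550199@192.0.2.10>;tag=1928301774\r\n'
    "To: <sip:14165550123@sip.provider.example>\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "P-Asserted-Identity: <sip:+13125550100@192.0.2.10>\r\n"
    "Remote-Party-ID: <sip:13125550100@192.0.2.10>;party=calling;screen=yes\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Headers that can carry the calling number; "f" is the compact form of From.
IDENTITY_HEADERS = {"from": "From", "f": "From",
                    "p-asserted-identity": "P-Asserted-Identity",
                    "p-preferred-identity": "P-Preferred-Identity",
                    "remote-party-id": "Remote-Party-ID"}
# Numeric user part of a sip:/sips:/tel: URI (a bare host such as 192.0.2.10 does not match).
URI_USER = re.compile(r"(?:sips?|tel):\+?([0-9()\-]+)(?=[@;>]|$)", re.I)

def normalize(number):
    """Reduce a dialable string to digits and drop a leading NANP country code 1."""
    digits = re.sub(r"\D", "", number)
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits

def caller_identities(sip_message):
    """Return {header name: normalized number} for identity headers in the message head."""
    head = sip_message.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)      # unfold continuation lines
    found = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        canonical = IDENTITY_HEADERS.get(name.strip().lower())
        match = URI_USER.search(value) if sep and canonical else None
        if match:
            found[canonical] = normalize(match.group(1))
    return found

def unexpected_identities(sip_message, assigned_numbers):
    """Return the identity headers whose number is not one assigned to the firm."""
    allowed = {normalize(n) for n in assigned_numbers}
    return {h: n for h, n in caller_identities(sip_message).items() if n not in allowed}
```

An empty result for calls captured at the PBX's outbound interface means the PBX is sending only the firm's own numbers, so any wrong number seen by the called party was introduced after the trunk.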