Solved

troubleshooting a spoofed caller ID on an internal PBX system

Posted on 2014-01-31
4
764 Views
Last Modified: 2014-02-12
I got called in on this phone issue.  THey have voip PBX box (positron) and SIP trunk lines.

they had put the pbx box on the DMZ and supposedly was hacked.  Now their caller ID for outgoing calls says a totally wrong phone number.

I put the PBX box behind the firewall and set port forwarding as per positron's instructions.

caller id is still wrong.

positron says it's not them and we are waiting for a call back from the SIP provider.  is it with them? something we shoudl be able to change by logging in to sip provider? or they need to correct it?

or is that controlled somewhere else?
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39825466
weird - the sip provider tech support guy called me from his sip phone on the same sip provider's service to  my cell and his call showed up as the same spoofed phone number as my client is sending out.  how can it not be a problem with the sip provider?  He says the sip phone has menues to change the outgoing caller ID info!?  I thought spoofing caller ID was harder than just change it in your phone?  People would spend the work day playing games : )
0
 
LVL 79

Assisted Solution

by:arnold
arnold earned 250 total points
ID: 39826240
The Outgoing CALLERID is easily spoofed as it is an IE packet (must have heard the VOIP based providers and the calls to emergency services) the provider is the one who can and dpes enforce it by not allowing a call to complete when the data in this packet is not part of the company allocated block of phone numbers.

Within your PBX, double check that the caller ID you are transmitting/setting is correct for the firm whether or not the provider passes that along.

You are correct that the issue is on the SIP provider or whoever their upstream/translating is if any.

They need to check whether they are or are not passing your PBX's IE packet.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39826499
THe tech support guy called his cell phone from his sip phone and it showed the correct info.  He called another cell phone on a different provider here (we are in US, he's in Canada) and it showed the wrong caller ID also.

He puts me on hold, talks to some people and says that there's another client of theirs that is having the same problem and it's a problem with the ECOM (sp?)  database here in the US and that it's out of their hands but they have a ticket in with the firm that maintains the ecom database to fix it?

Sound like BS? Or legitimate?  2 clients and their own phone is giving out the 214 area code number.  Did the provider get hacked?

Is ECOM the correct spelling?  ever hear of that?  you talk of translation?  When the sip provider hands off the call to the POTS line provider, it has the caller ID packet.  Then that's where the ecom database comes into play to transliate it into the wrong caller ID?  So the ecom database company got hacked?

you say the sip provider is the one that DOES enforce (prevent) spoofing? I suppose a better word would be 'could' enforce?  Any requirement by some organization / gov't department to require enforcement? I would think not because there's web services that specifically let you spoof, right?

THANKS!


This wrong caller ID for my client has been going on for 2 weeks and the sip provider was using the fact that the PBX was in the DMZ / not locked down as the cause.  The PBX vendor says the box is clean (I don't even see where I could change / edit caller ID from the PBX box).
0
 
LVL 15

Accepted Solution

by:
Phonebuff earned 250 total points
ID: 39827108
Well,  

     The information is are getting is correct.   Depending on your VoIP Carrier and your systems capabilities, you could be sending the wrong number or because of billing and setup the Carrier could be sending the wrong number.   In fact many people look for the ability to send a given caller_id to the network when they make a call.  An Executive for instance may want to the "mail" number sent when they make general calls, but the direct dial number sent for family, and certain specific vendors.  Where as a dispatch center may want the "Main" number sent or No number sent, for generic cals, but the operator's direct number when they call a Chief officer or Command post as a call back can come directly to them and not have to routed for times to get the call back to that operator.

     Both of these are because people, specifically cell phone users like to retain and dial back the incoming number.  

     For your case rule yourselves out first by getting a Wireshark trace of some outbound calls and checking to be sure what's in the SIP header.    

   http://www.wireshark.org/

   If you need it there are a lot of good videos on your tube to jump start you.

     =======
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
Why do some people recommend buying business VoIP from an ISP? What are the benefits to my company? What are the costs?
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question