Bulletin 16 May 2020

-Hackers Unlimited-
Hackers are sure finding innovative ways to get into your VoIP device. A firewall is a good solution to have, but in hacking cases the common causes are a combination of weak passwords on SIP accounts and public Internet connectivity.

Whilst the VoIP providers do spend a large portion of their budget on security in order to protect their clients, there are still loopholes to get through them. There are protection mechanisms you can use to fight off these scoundrels, but some services will still be exposed.

Below we list some ways you can use to limit your liability. Although not entirely safe, they will add some burglar bars around your windows.



Limit concurrencies to limit fraudulent activity
Hackers tend to start slowly, then hit you hard over a weekend or at odd hours of the morning. They will begin with 2 or 3 concurrent calls, then burst to 20 or 30 concurrent calls, thus connecting as many 20-second simultaneous calls as they can within a short period of time. If you set your SIP account to the concurrency you actually need, say 3 or 4, you are bound to throttle the calls to a minimum. Your credits may die a slower and more painful death, but you stand a chance of the provider detecting the breach and closing the port, thus saving you.



Habitual Toll Fraud
Once a hacker gets in, he will not hack immediately. He will begin scouting your network, examine your dialling habits, and make an occasional call here and there to see which premium numbers are allowed. He'll also spoof some IPs and see which one it takes. Your network resilience will also be tested.

Detecting them is very difficult. They will make some short calls, an occasional long call, and when they see your network is quiet, boom! Multiple concurrencies, long calls, and your airtime evaporates into thin air!



SIP Extensions

Your OTEL SIP extension can limit IP access by setting the IP Auth in /24 form.

An example of the /24 format on the IP range is as follows:

When you have an IP of then your range can only reach until

Click on the SIP Extension's PROVISIONING AND SIP PREF, then Allow extension SIP connection only from IP.

Enable this option if you want to provision a new SIP device for the current Phone terminal extension. This will unlock the Device Information and the Device Settings fieldsets, allowing you to configure the equipment. The extension will get all its setup parameters from the provisioning server; otherwise, the extension user will have to manually set the device parameters.



Change your default password

Change your default passwords when the SIP account has been created for you. To set a strong password, follow the example below. Very important!

If you set a password, let's say CURTAINS, then it should look something like this: [email protected]

Let us look at the password written in letters and numbers. When using a letter that looks like a number, let's say for instance i/I = 1, s/S = 5, o/O = 0, then your password strength will increase.

Special characters

When using special characters your password strength will also increase, let's say a/A = @ and i/I = !

Spaces between words are also considered as a character.

See what you can do with your password. Don't forget you can use numbers and characters in the same password to increase your password's strength even further.

Very important – passwords in this form can be impossible to hack if the password has more than 8 characters.



Set up IPTABLES in IP PBXs to accept registrations to the SIP account only from LAN IPs
IPTables is a built-in firewall in Linux. Once you get to know how to use it, it is a simple and effective tool. If you're getting too confused with the language, there are free GUI-based IPTables compilers on the web.






Hackers can also target your phone if your incoming router connections are not well protected. Set up a low-cost MikroTik or other managed router in front of the IP phones to allow incoming registrations only from LAN IPs.
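Added example, not from the bulletin or OTEL's own tooling: a POSIX shell script that turns the PBX's LAN address into the /24 form described under SIP Extensions above and emits the iptables rules that accept SIP registrations only from that LAN, so it serves both the IP Auth section and this one. Port 5060, the chain name SIP_LAN_ONLY and the address 192.168.1.37 are assumptions.

```shell
#!/bin/sh
# Added example (not from the bulletin or OTEL): derive the /24 a PBX's LAN address
# sits in and build iptables rules that accept SIP registrations only from that LAN.
# Assumptions: SIP signalling on port 5060, the chain name SIP_LAN_ONLY and the
# sample address 192.168.1.37 are all constructed for this example.
set -eu
SIP_PORT=5060

# Accept only four dotted octets in the range 0-255; anything else is rejected.
check_ip() {
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. 'NF==4 && $1<=255 && $2<=255 && $3<=255 && $4<=255 {ok=1} END {exit !ok}'
}

# 192.168.1.37 -> 192.168.1.0/24  (the "/24 form" the IP Auth setting expects)
lan_cidr_from_ip() {
    check_ip "$1" || return 1
    printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.0/24\n", $1, $2, $3 }'
}

# 192.168.1.37 -> 192.168.1.255  (the last address that /24 "reaches until")
lan_last_ip() {
    check_ip "$1" || return 1
    printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.255\n", $1, $2, $3 }'
}

# Emit the rules for one LAN CIDR. A dedicated chain keeps the policy in one
# place: LAN sources are accepted, everything else is logged (rate-limited so a
# scan cannot flood syslog) and dropped; INPUT jumps to the chain for SIP traffic.
sip_rules() {
    lan="$1"
    echo "iptables -N SIP_LAN_ONLY 2>/dev/null || iptables -F SIP_LAN_ONLY"
    echo "iptables -A SIP_LAN_ONLY -s $lan -j ACCEPT"
    echo "iptables -A SIP_LAN_ONLY -m limit --limit 5/min -j LOG --log-prefix 'SIP-DROP: '"
    echo "iptables -A SIP_LAN_ONLY -j DROP"
    for proto in udp tcp; do
        echo "iptables -I INPUT -p $proto --dport $SIP_PORT -j SIP_LAN_ONLY"
    done
}

# Usage: sh sip_lan_only.sh <pbx-lan-ip> [--apply]; without --apply it only previews
# the commands, so the policy can be reviewed before it is loaded (root needed).
main() {
    ip="${1:-192.168.1.37}"
    cidr=$(lan_cidr_from_ip "$ip") || { echo "bad IPv4 address: $ip" >&2; return 1; }
    echo "# LAN $cidr (range reaches until $(lan_last_ip "$ip"))"
    if [ "${2:-}" = "--apply" ]; then sip_rules "$cidr" | sh -ex; else sip_rules "$cidr"; fi
}
main "${1:-}" "${2:-}"
```

The LOG rule gives you the non-LAN registration attempts the bulletin describes as "scouting", so a glance at syslog shows whether the PBX is being probed from outside.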



Most providers no longer allow hidden DIDs in fixed-line dialling. Ensure that you show the DID in E.164 format.
In order for clients to be seen on the DID system they should not set their phones to anonymous outbound calling; in order for the DID to work, clients should use the E.164 format rather than the "0" format.




