Release note (10.3.9): Authorized IP Addresses for Incoming SIP

If you ever running a SIP based PBX system, such as Voicent’s FlexPBX and IVR system, you are almost certain to see incoming calls pretending from extension 1000 or so. The culprit is a piece of hacking software called SIPvicious. Here is what you get when you google it: “SIPVicious is a Session Initiation Protocol (SIP) auditing tool that has been observed to be used in increasing reconnaissance attacks against IP and VoIP phones and PBX systems. SIPVicious is used as an auditing tool for scanning phone systems by performing INVITE scans silently.”

There are also other tools can can be used to scan your system and trying to make free calls.

You can certainly block these incoming SIP messages using your firewall program. Sometimes  this approach may not be that easy and the settings may not be that obvious.

Enhancement has been made to Voicent gateway such that it will drop any incoming SIP message unless it is coming from an authenticated IP address. To do so, open Setup > Options > SIP tab, select the SIP account, click Edit, then click the Advanced button. You can enter a list of IP addresses or prefixes, such as:

<pre>204.11.109, 64.20.109.10</pre>

Any address that matches or contains the listed prefixes is considered as an authorized IP address.