From: | Alex |
Subject: | Re: [Linphone-developers] very strange behaviour of android app |
Date: | Wed, 30 Mar 2016 19:21:15 +0300 |
Your scenario does not mean that the Linphone app on the playmarket is hacked. These calls are coming from some hacker using a tool called sipvicious. Have you created an inbound firewall rule on your home firewall for your softphone?

Russell

On Wed, Mar 30, 2016 at 11:57 AM, Alex <address@hidden> wrote:

Hello,

Yesterday, I installed Linphone on an Android phone from Google Play. The phone has stock firmware and is not rooted. I created a sip account to connect Linphone to my office Asterisk (it's not faced to the Internet) and played with it for a couple of hours in the office. Then went home.

This night at approx. 4am I started receiving calls from unknown numbers. I dropped them but the calls came constantly. Finally I've sent logs to myself (from About menu) and turned off Linphone.

Here is a snippet from the log:

...
2016-03-30 05:53:07:012 MESSAGE belle_sip_get_src_addr_for(): af_inet6=0
2016-03-30 05:53:07:013 MESSAGE Channel has local address 192.168.1.102:5060
2016-03-30 05:53:07:013 MESSAGE channel 0xabedf128: state READY
2016-03-30 05:53:07:013 MESSAGE udp_listening_point: new channel created to 23.239.65.172:5070
2016-03-30 05:53:07:015 MESSAGE bellesip_wake_lock_acquire(): Android wake lock acquired [ref=0x649008be]
2016-03-30 05:53:07:015 MESSAGE channel [0xabedf128]: starting recv background task with id=[649008be].
2016-03-30 05:53:07:016 MESSAGE channel [0xabedf128]: received [752] new bytes from [UDP://23.239.65.172:5070]:
INVITE sip:address@hidden SIP/2.0
To: 0972597740483<sip:address@hidden>
From: 2022<sip:address@hidden>;tag=c0456eb0
Via: SIP/2.0/UDP 23.239.65.172:5070;branch=z9hG4bK-0af3431b5b5e528f4bc7e81e5c8fd611;rport
Call-ID: 0af3431b5b5e528f4bc7e81e5c8fd611
CSeq: 1 INVITE
Contact: <sip:address@hidden:5070>
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, BYE
User-Agent: sipcli/v1.8
Content-Type: application/sdp
Content-Length: 282

v=0
o=sipcli-Session 424980921 1826714528 IN IP4 23.239.65.172
s=sipcli
c=IN IP4 23.239.65.172
t=0 0
m=audio 5073 RTP/AVP 18 0 8 101
a=fmtp:101 0-15
a=rtpmap:18 G729/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=ptime:20
a=sendrecv

2016-03-30 05:53:07:024 MESSAGE channel [0xabedf128] [470] bytes parsed
2016-03-30 05:53:07:024 MESSAGE channel [0xabedf128] read [282] bytes of body from [23.239.65.172:5070]
2016-03-30 05:53:07:026 MESSAGE Changing [server] [INVITE] transaction [0xab99f600], from state [INIT] to [PROCEEDING]
2016-03-30 05:53:07:027 MESSAGE channel [0xabedf128]: message sent to [UDP://23.239.65.172:5070], size: [280] bytes
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 23.239.65.172:5070;branch=z9hG4bK-0af3431b5b5e528f4bc7e81e5c8fd611;rport
From: "2022" <sip:address@hidden>;tag=c0456eb0
To: "0972597740483" <sip:address@hidden>
Call-ID: 0af3431b5b5e528f4bc7e81e5c8fd611
CSeq: 1 INVITE

2016-03-30 05:53:07:027 MESSAGE New server dialog [0xab743078] , local tag [], remote tag [c0456eb0]
2016-03-30 05:53:07:027 MESSAGE op [0xabd13df8] : set_or_update_dialog() current=[0x0] new=[0xab743078]
2016-03-30 05:53:07:027 MESSAGE new incoming call from ["2022" <sip:address@hidden>] to ["0972597740483" <sip:address@hidden>]
...

192.168.1.102 - is my ip address in my home wifi network
178.162.x.y - is a public ip of my home wifi router

The full log is available at https://www.dropbox.com/s/nv6sece7whkgpw8/linphone.zip?dl=0

In the log you may find REGISTER requests to 172.26.1.242:5060 - it's my office Asterisk which is inaccessible from home.

Can someone shed some light on what it was and how that could happen? I see the only cause of this: Linphone app on the playmarket is hacked. Is it?

--
Best regards,
Alex

_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers
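A way to check a Linphone log for the pattern discussed in this thread, added here as an example and not part of either poster's message or of Linphone itself: it pulls each inbound SIP message out of the log and reports INVITEs whose source is not a trusted peer, marking scanner User-Agents. The function names, the trusted-peer set and the assumption that each SIP message starts on the line after its "received ... new bytes" record are choices made for this example.

```python
import re

# Constructed sample in the layout of the log above; addresses hidden by the
# archive are replaced with example.invalid placeholders.
SAMPLE_LOG = """\
2016-03-30 05:53:07:016 MESSAGE channel [0xabedf128]: received [752] new bytes from [UDP://23.239.65.172:5070]:
INVITE sip:user@example.invalid SIP/2.0
To: 0972597740483<sip:user@example.invalid>
User-Agent: sipcli/v1.8

s=sipcli
2016-03-30 05:53:07:024 MESSAGE channel [0xabedf128] [470] bytes parsed
"""
TRUSTED_PEERS = {"172.26.1.242"}  # assumption: only the office Asterisk from the post
# "sipcli" is the User-Agent in the log, "sipvicious" the tool named in the reply,
# "friendly-scanner" the User-Agent SIPVicious sends by default.
SCANNER_AGENTS = ("sipcli", "sipvicious", "friendly-scanner")
RECV = re.compile(r"received \[\d+\] new bytes from \[\w+://([\d.]+):\d+\]")  # IPv4 only
STAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3} ")

def received_messages(log_text):
    """Yield (source_ip, message_lines) for each inbound SIP message in the log."""
    src, lines = None, []
    for line in log_text.splitlines():
        if STAMP.match(line):          # a new log record ends the previous message
            if src and lines:
                yield src, lines
            hit = RECV.search(line)
            src, lines = (hit.group(1) if hit else None), []
        elif src and (lines or line.strip()):
            lines.append(line.strip())
    if src and lines:
        yield src, lines

def untrusted_invites(log_text, trusted=TRUSTED_PEERS):
    """Return a finding for every INVITE whose source is not a trusted peer."""
    findings = []
    for src, lines in received_messages(log_text):
        if src in trusted or not lines[0].startswith("INVITE "):
            continue
        end = lines.index("") if "" in lines else len(lines)  # blank line ends the headers
        headers = {n.strip().lower(): v.strip() for n, _, v in (l.partition(":") for l in lines[1:end])}
        agent = headers.get("user-agent", "")
        scanner = any(s in agent.lower() for s in SCANNER_AGENTS)
        findings.append({"source": src, "user_agent": agent, "known_scanner": scanner})
    return findings

if __name__ == "__main__":
    print(untrusted_invites(SAMPLE_LOG))
```

A finding with `known_scanner` set to False is still an INVITE from outside the trusted set, so the source address is worth comparing against the inbound rules on the home router that the reply asks about.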