Send VoiceOps mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://puck.nether.net/mailman/listinfo/voiceops
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of VoiceOps digest..."
Today's Topics:
1. Details on Portland, ME outages (Robin Rodriguez)
2. Re: looking for advice on international fraud that took place
via an Edgemarc 200EW with FXO line installed (Matt Yaklin)
3. Re: looking for advice on international fraud that took place
via an Edgemarc 200EW with FXO line installed (Jay Hennigan)
4. Re: looking for advice on international fraud that took place
via an Edgemarc 200EW with FXO line installed (Matt Yaklin)
5. Re: looking for advice on international fraud that took place
via an Edgemarc 200EW with FXO line installed (Matt Yaklin)
----------------------------------------------------------------------
Message: 1
Date: Fri, 1 Nov 2013 13:56:11 -0500
From: Robin Rodriguez <[email protected]>
To: "<[email protected]>" <[email protected]>
Subject: [VoiceOps] Details on Portland, ME outages
Message-ID:
<CADY85qrbZYPeKQu0-nbQTJXZ7wiAxjoLmE_+o_JQrQcJS=w...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Anyone have any specific details about an origination outage in Portland,
ME (LATA 120) that extended most of the day yesterday (10/31).
Experienced outages from several origination carriers which have cited a
ULC's protect ring not taking over during a planned maintenance.
--
Robin Rodriguez
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://puck.nether.net/pipermail/voiceops/attachments/20131101/46ef440f/attachment-0001.html>
------------------------------
Message: 2
Date: Fri, 1 Nov 2013 15:04:13 -0400 (EDT)
From: Matt Yaklin <[email protected]>
To: David Thompson <[email protected]>
Cc: [email protected]
Subject: Re: [VoiceOps] looking for advice on international fraud that
took place via an Edgemarc 200EW with FXO line installed
Message-ID: <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
Approx 60-70 calls.
[email protected]
On Fri, 1 Nov 2013, David Thompson wrote:
> How many calls are we talking about here?
>
> David Thompson
> Network Services Support Technician
> (O) 858.357.8794
> (F) 858-225-1882
> (E) [email protected]
> (W)?www.esi-estech.com
>
> -----Original Message-----
> From: VoiceOps [mailto:[email protected]] On Behalf Of Matt
> Yaklin
> Sent: Friday, November 01, 2013 10:20 AM
> To: Brad Anouar
> Cc: [email protected]
> Subject: Re: [VoiceOps] looking for advice on international fraud that
> took place via an Edgemarc 200EW with FXO line installed
>
>
> Hi Brad,
>
> On Fri, 1 Nov 2013, Brad Anouar wrote:
>
>> Hi Matt,
>>
>> Assuming that the accounts associated with the POTS lines are
>> registering users, have you already considered the fact that the
>> attack could've originated somewhere other than the edgemark?
>> Have you checked the auth/pass for the users associated with the POTS
> lines?
>
> If I understood you correctly I think this will answer your question. The
> POTS line is not SIP at all. It is a POTS line provided out of our legacy
> Coppercom voice switch. It travels via GR303 to a central office and from
> there to the customer premise via Pairgain SHDSL gear. That gear muxes up
> to 6 POTS lines down a single copper pair to the customer premise. A
> little CPE unmuxes them.
>
> My CDR records on my border T7000 switch clearly show the call coming from
> the Coppercom switch via SS7 trunks and then going out to Level3.
>
> All of this is TDM based POTS lines. No SIP at all when discussing the
> POTS line.
>
> So based on that the call had to be generated at the customer premise in
> some fashion. The Edgemarc is the most likely culprit unless physical
> access was used to make the calls.
>
>
>> Is international calling enabled for these users?
>
> It was on the Broadsoft system. It is not anymore. Any call the Broadsoft
> group generates goes out as their main number unless they call 911. The
> main number is not the POTS line number. Plus I would have seen any
> Broadsoft generated call come in a different path to our border switch.
>
> It was allowed via the dialing rules on the Edgemarc. I have not modified
> that yet to only allow certain calls. Grenada, sadly, is part of the North
> American Dialing Plan. No 011 needed in front of the number. Just a
> 1+xxx-xxx-xxxx. Modifying the dialing plan on the Edgemarc may be painful
> unless I just allow New Hampshire's area code to start, 911, and 7 digit
> dialing.
>
>
>
>> Do they have a voice portal?
>
> Yes they do. It is on Broadsoft. But once again any Broadsoft call would
> come into my border switch via a different path. I would know if it came
> from that system.
>
>
> [email protected]
>
>>
>> Brad Anouar
>>
>> Sent from my Verizon Wireless 4G LTE Smartphone
>>
>>
>> ----- Reply message -----
>> From: "Matt Yaklin" <[email protected]>
>> To: "[email protected]" <[email protected]>
>> Subject: [VoiceOps] looking for advice on international fraud that
>> took place via an Edgemarc 200EW with FXO line installed
>> Date: Fri, Nov 1, 2013 9:31 AM
>>
>>
>>
>>
>> Hi all,
>>
>> I had some toll fraud to Grenada last night which we stopped as soon
>> as we became aware of it. Example numbers being dialed were:
>>
>> 1-473-405-0085
>> 1-473-405-0084
>> 1-473-405-0088
>>
>> Normally I can track down how it happened to figure out who was at
> fault.
>> But this time I am having a hard time.
>>
>> The customer has two types of service from us. Yealink phones
>> connected to our Broadsoft system with an Edgemarc 200EW installed at
>> the customer premise. They also have some POTS line with us for
>> faxing. One of those POTS lines is connected to the Edgemarc 200EW via
>> the built in FXO port for "Survivability". Meaning if the WAN ethernet
>> port on the Edgemarc has a failure they can at least have one line to
>> dial out on in case of an emergency. That is about the only time it
>> would ever be used except for faxing.
>>
>> The toll fraud CPN just happens to be that POTS line connected to the
>> Edgemarc. That POTS line is also connected to a very basic fax machine.
>>
>> In the Edgemarc for that FXO port two stage dialing is disabled in
>> both directions. We had incoming calls on the FXO line being forward
>> to a Yealink phone but that would never function properly due to the
>> customer having a fax line picking up first. Just leftover config
>> during the install where we made an assumption the customer might want
> it.
>>
>> The Yealink phones are behind the Edgemarc (NAT) and not reachable via
>> the internet. The Edgemarc is using radius for user auth and has
>> strong passwords set. I cannot find any config in Broadsoft where a
>> user had call forwarding setup or whatever that would cause this. I
>> cannot find any settings in the Edgemarc that would allow this to take
>> place. As in a config mistake.
>>
>> The Edgemarc is running code Version 11.6.19.
>> The Yealink phones are also up2date with the newest code from the
>> vendor's website.
>>
>> I do not think this fraud was done on site via physical means. It is a
>> school and I just cannot picture a student or faculty having a need to
>> call Grenada.
>>
>> The Edgemarc does have port 5060 open to the world but it is just a
> ?proxy?
>> I was under the impression that one cannot brute force an account on a
>> proxy device that has no config as such like an asterisk box would.
>> You would be basically brute forcing against Broadsoft in that case?
>>
>> Either way I am still digging into things but I thought by sending
>> this email someone might have some advice to clue me into something I
>> am missing when it comes to Edgemarc and FXO security.
>>
>> Thanks,
>>
>> [email protected]
>>
>>
>> _______________________________________________
>> VoiceOps mailing list
>> [email protected]
>> https://puck.nether.net/mailman/listinfo/voiceops
>>
> _______________________________________________
> VoiceOps mailing list
> [email protected]
> https://puck.nether.net/mailman/listinfo/voiceops
>
------------------------------
Message: 3
Date: Fri, 01 Nov 2013 12:15:32 -0700
From: Jay Hennigan <[email protected]>
To: [email protected]
Subject: Re: [VoiceOps] looking for advice on international fraud that
took place via an Edgemarc 200EW with FXO line installed
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
On 11/1/13 12:04 PM, Matt Yaklin wrote:
>
> Approx 60-70 calls.
If more than one overlapping you can rule out the physical FXO port.
--
Jay Hennigan - CCIE #7880 - Network Engineering - [email protected]
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
------------------------------
Message: 4
Date: Fri, 1 Nov 2013 15:22:53 -0400 (EDT)
From: Matt Yaklin <[email protected]>
To: Monterrosa Santiago <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: [VoiceOps] looking for advice on international fraud that
took place via an Edgemarc 200EW with FXO line installed
Message-ID: <[email protected]>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Fri, 1 Nov 2013, Monterrosa Santiago wrote:
> Hi, interesting puzzle!
>
> Just trying to figure out your scenario
>
> Have you checked in the CDRs if the originating IP address matches the
> private IP of the Yealink?
> If not, the hacker could be guessing wisely the Broadsoft authentication
> password of the Yealink
> devices to register its own device from Internet, then making calls to
> Grenada or wherever destination is allowed.
>
I know that scenario is not the case because the POTS line is on
a legacy voice switch which is TDM based. No SIP.
I clearly see the calls coming into my border switch from the
legacy switch. That means the calls came from the POTS line for
sure.
I just put a 8 digit authorization PIN on the POTS for international
dialing to stop the problem for now and buy me some time.
It really does appear that I am either making a config mistake,
the customer has a physical security issue, or the edgemarc has
a problem with its software to allow an attacker to use the FXO
port in some way...
[email protected]
> -----Original Message-----
> From: VoiceOps [mailto:[email protected]] On Behalf Of Matt Yaklin
> Sent: viernes, 01 de noviembre de 2013 10:31 a.m.
> To: [email protected]
> Subject: [VoiceOps] looking for advice on international fraud that took place
> via an Edgemarc 200EW with FXO line installed
>
>
> Hi all,
>
> I had some toll fraud to Grenada last night which we stopped as soon as we
> became aware of it. Example numbers being dialed were:
>
> 1-473-405-0085
> 1-473-405-0084
> 1-473-405-0088
>
> Normally I can track down how it happened to figure out who was at fault.
> But this time I am having a hard time.
>
> The customer has two types of service from us. Yealink phones connected to
> our Broadsoft system with an Edgemarc 200EW installed at the customer
> premise. They also have some POTS line with us for faxing. One of those POTS
> lines is connected to the Edgemarc 200EW via the built in FXO port for
> "Survivability". Meaning if the WAN ethernet port on the Edgemarc has a
> failure they can at least have one line to dial out on in case of an
> emergency. That is about the only time it would ever be used except for
> faxing.
>
> The toll fraud CPN just happens to be that POTS line connected to the
> Edgemarc. That POTS line is also connected to a very basic fax machine.
>
> In the Edgemarc for that FXO port two stage dialing is disabled in both
> directions. We had incoming calls on the FXO line being forward to a Yealink
> phone but that would never function properly due to the customer having a fax
> line picking up first. Just leftover config during the install where we made
> an assumption the customer might want it.
>
> The Yealink phones are behind the Edgemarc (NAT) and not reachable via the
> internet. The Edgemarc is using radius for user auth and has strong passwords
> set. I cannot find any config in Broadsoft where a user had call forwarding
> setup or whatever that would cause this. I cannot find any settings in the
> Edgemarc that would allow this to take place. As in a config mistake.
>
> The Edgemarc is running code Version 11.6.19.
> The Yealink phones are also up2date with the newest code from the vendor's
> website.
>
> I do not think this fraud was done on site via physical means. It is a school
> and I just cannot picture a student or faculty having a need to call Grenada.
>
> The Edgemarc does have port 5060 open to the world but it is just a ?proxy?
> I was under the impression that one cannot brute force an account on a proxy
> device that has no config as such like an asterisk box would. You would be
> basically brute forcing against Broadsoft in that case?
>
> Either way I am still digging into things but I thought by sending this email
> someone might have some advice to clue me into something I am missing when it
> comes to Edgemarc and FXO security.
>
> Thanks,
>
> [email protected]
>
>
> _______________________________________________
> VoiceOps mailing list
> [email protected]
> https://puck.nether.net/mailman/listinfo/voiceops
>
>
> ________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
> La informaci?n en este correo electr?nico y sus anexos es confidencial y
> privilegiada. Est? dirigida exclusivamente a sus destinatarios y por lo tanto
> nadie m?s est? autorizado a tener acceso a ?lla. Si Ud. no es el
> destinatario, es il?cito imprimirla, reproducirla o distribuirla. Si lo
> recibi? por error, por favor avise al remitente y borre cualquier registro en
> sus sistemas.
>
> CONFIDENTIALITY NOTICE: This email message and its attachments, if any, are
> intended only for the person or entity to which it is addressed and contains
> privileged information. Any use, printing, disclosure, or distribution of
> such information without the written authorization is prohibited. If you are
> not the intended recipient, please contact the sender and destroy all copies
> of the original message.
>
> Nuestro aviso de privacidad est? publicado en la p?gina web:
> http://www.mcmtelecom.com.mx/common/politica_privacidad.htm
>
>
------------------------------
Message: 5
Date: Fri, 1 Nov 2013 15:33:27 -0400 (EDT)
From: Matt Yaklin <[email protected]>
To: Jay Hennigan <[email protected]>
Cc: [email protected]
Subject: Re: [VoiceOps] looking for advice on international fraud that
took place via an Edgemarc 200EW with FXO line installed
Message-ID: <[email protected]>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
They are not over lapping.
The attacker finally bit just a bit ago. I only was running
tcpdump on port 5060 on the edgemarc but i captured the SIP
traffic for what the attacker is doing. I wish I had setup
more.
I blocked international via an auth code right now...
x.x.139.225 = WAN ethernet port of the Edgemarc.
I am going through this now and if anyone can help I would
greatly appreciate it. I need to find out why this is happening.
-----------------------
-----------------------
-----------------------
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
User-Agent: eyeBeam release 3007n stamp 17816
Cont
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
19:18:48.788559 176.58.68.20.10181 > x.x.139.225.5060:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
REGISTER sip:x.x.139.225 SIP/2.0
To: <sip:[email protected]>
From: <sip:[email protected]>;tag=e26e273f
Via: SIP/2.0/UDP
176.58.68.20:10181;branch=z9hG4bK-d87543-161690352-1--d87543-;rport
Call-ID: b161d8122d506908
CSeq: 1 REGISTER
Contact: <sip:[email protected]:10181>
Expires: 3600
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
User-Agent: eyeBeam release 3007n stamp 17816
Cont
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
19:18:52.786472 176.58.68.20.10181 > x.x.139.225.5060:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
REGISTER sip:x.x.139.225 SIP/2.0
To: <sip:[email protected]>
From: <sip:[email protected]>;tag=e26e273f
Via: SIP/2.0/UDP
176.58.68.20:10181;branch=z9hG4bK-d87543-161690352-1--d87543-;rport
Call-ID: b161d8122d506908
CSeq: 1 REGISTER
Contact: <sip:[email protected]:10181>
Expires: 3600
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
User-Agent: eyeBeam release 3007n stamp 17816
Cont
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
19:18:56.794955 176.58.68.20.10181 > x.x.139.225.5060:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
REGISTER sip:x.x.139.225 SIP/2.0
To: <sip:[email protected]>
From: <sip:[email protected]>;tag=e26e273f
Via: SIP/2.0/UDP
176.58.68.20:10181;branch=z9hG4bK-d87543-161690352-1--d87543-;rport
Call-ID: b161d8122d506908
CSeq: 1 REGISTER
Contact: <sip:[email protected]:10181>
Expires: 3600
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
User-Agent: eyeBeam release 3007n stamp 17816
Cont
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
19:19:00.899198 176.58.68.20.10181 > x.x.139.225.5060:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
REGISTER sip:x.x.139.225 SIP/2.0
To: <sip:[email protected]>
From: <sip:[email protected]>;tag=e26e273f
Via: SIP/2.0/UDP
176.58.68.20:10181;branch=z9hG4bK-d87543-161690352-1--d87543-;rport
Call-ID: b161d8122d506908
CSeq: 1 REGISTER
Contact: <sip:[email protected]:10181>
Expires: 3600
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
User-Agent: eyeBeam release 3007n stamp 17816
Cont
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
19:19:04.809371 176.58.68.20.10181 > x.x.139.225.5060:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
REGISTER sip:x.x.139.225 SIP/2.0
To: <sip:[email protected]>
From: <sip:[email protected]>;tag=e26e273f
Via: SIP/2.0/UDP
176.58.68.20:10181;branch=z9hG4bK-d87543-161690352-1--d87543-;rport
Call-ID: b161d8122d506908
CSeq: 1 REGISTER
Contact: <sip:[email protected]:10181>
Expires: 3600
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
User-Agent: eyeBeam release 3007n stamp 17816
Cont
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
19:19:08.831073 176.58.68.20.10181 > x.x.139.225.5060:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
REGISTER sip:x.x.139.225 SIP/2.0
To: <sip:[email protected]>
From: <sip:[email protected]>;tag=e26e273f
Via: SIP/2.0/UDP
176.58.68.20:10181;branch=z9hG4bK-d87543-161690352-1--d87543-;rport
Call-ID: b161d8122d506908
CSeq: 1 REGISTER
Contact: <sip:[email protected]:10181>
Expires: 3600
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
User-Agent: eyeBeam release 3007n stamp 17816
Cont
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
19:19:12.827515 176.58.68.20.10181 > x.x.139.225.5060:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
REGISTER sip:x.x.139.225 SIP/2.0
To: <sip:[email protected]>
From: <sip:[email protected]>;tag=e26e273f
Via: SIP/2.0/UDP
176.58.68.20:10181;branch=z9hG4bK-d87543-161690352-1--d87543-;rport
Call-ID: b161d8122d506908
CSeq: 1 REGISTER
Contact: <sip:[email protected]:10181>
Expires: 3600
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
User-Agent: eyeBeam release 3007n stamp 17816
Cont
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
19:19:16.827669 176.58.68.20.10181 > x.x.139.225.5060:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
REGISTER sip:x.x.139.225 SIP/2.0
To: <sip:[email protected]>
From: <sip:[email protected]>;tag=e26e273f
Via: SIP/2.0/UDP
176.58.68.20:10181;branch=z9hG4bK-d87543-161690352-1--d87543-;rport
Call-ID: b161d8122d506908
CSeq: 1 REGISTER
Contact: <sip:[email protected]:10181>
Expires: 3600
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
User-Agent: eyeBeam release 3007n stamp 17816
Cont
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
19:23:19.307756 176.58.68.20.10189 > x.x.139.225.5060:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
BYE sip:[email protected]:5060 SIP/2.0
To: <sip:[email protected]>;tag=6516fea2
From: <sip:[email protected]>;tag=214bbc47
Via: SIP/2.0/UDP
176.58.68.20:10189;branch=z9hG4bK-d87543-1012476641-1--d87543-;rport
Call-ID: 346c8a3823657575
CSeq: 2 BYE
Route: <sip:[email protected];lr>
Contact: <sip:[email protected]:10189>
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE,
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
19:23:19.370269 x.x.139.225.5060 > 176.58.68.20.10189:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
SIP/2.0 200 OK
Via: SIP/2.0/UDP
176.58.68.20:10189;branch=z9hG4bK-d87543-1012476641-1--d87543-;rport=5060
Record-Route: <sip:[email protected];lr>
From: <sip:[email protected]>;tag=214bbc47
To: <sip:[email protected]>;tag=6516fea2
Call-ID: 346c8a3823657575
CSeq: 2 BYE
Contact: <sip:[email protected]:5060>
User-agent: fxo/1.0
Content-Length: 0
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
[tos 0xb8]
19:23:31.365141 176.58.68.20.10189 > x.x.139.225.5060:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
INVITE sip:[email protected] SIP/2.0
To: <sip:[email protected]>
From: <sip:[email protected]>;tag=d909f80a
Via: SIP/2.0/UDP
176.58.68.20:10189;branch=z9hG4bK-d87543-292959825-1--d87543-;rport
Call-ID: 2b6a574f323db602
CSeq: 1 INVITE
Contact: <sip:[email protected]:10189>
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
Content-Type: application/sdp
User-Agent: eyeBeam
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
19:23:31.417251 x.x.139.225.5060 > 176.58.68.20.10189:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
SIP/2.0 100 Trying
Via: SIP/2.0/UDP
176.58.68.20:10189;branch=z9hG4bK-d87543-292959825-1--d87543-;rport=5060
From: <sip:[email protected]>;tag=d909f80a
To: <sip:[email protected]>;tag=51a346d4
Call-ID: 2b6a574f323db602
CSeq: 1 INVITE
User-agent: fxo/1.0
Content-Length: 0
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
[tos 0xb8]
19:23:36.793012 x.x.139.225.5060 > 176.58.68.20.10189:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
SIP/2.0 180 Ringing
Via: SIP/2.0/UDP
176.58.68.20:10189;branch=z9hG4bK-d87543-292959825-1--d87543-;rport=5060
Record-Route: <sip:[email protected];lr>
From: <sip:[email protected]>;tag=d909f80a
To: <sip:[email protected]>;tag=51a346d4
Call-ID: 2b6a574f323db602
CSeq: 1 INVITE
Contact: <sip:[email protected]:5060>
User-agent: fxo/1.0
Content-Length: 0
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
[tos 0xb8]
19:23:36.833967 x.x.139.225.5060 > 176.58.68.20.10189:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
SIP/2.0 200 OK
Via: SIP/2.0/UDP
176.58.68.20:10189;branch=z9hG4bK-d87543-292959825-1--d87543-;rport=5060
Record-Route: <sip:[email protected];lr>
From: <sip:[email protected]>;tag=d909f80a
To: <sip:[email protected]>;tag=51a346d4
Call-ID: 2b6a574f323db602
CSeq: 1 INVITE
Contact: <sip:[email protected]:5060>
User-agent: fxo/1.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE
Content-Type: application/sdp
Content-Leng
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
[tos 0xb8]
19:23:37.060875 176.58.68.20.10189 > x.x.139.225.5060:
>>>>>>>>>>>>>>>sip header start>>>>>>>>>>>>>>>>>>>
ACK sip:[email protected]:5060 SIP/2.0
To: <sip:[email protected]>;tag=51a346d4
From: <sip:[email protected]>;tag=d909f80a
Via: SIP/2.0/UDP
176.58.68.20:10189;branch=z9hG4bK-d87543-154025872-1--d87543-;rport
Call-ID: 2b6a574f323db602
CSeq: 1 ACK
Route: <sip:[email protected];lr>
Contact: <sip:[email protected]:10189>
Max-Forwards: 70
User-Agent: eyeBeam release 3007n stamp 17816
Content-Length: 0
<<<<<<<<<<<<<<<sip header stop<<<<<<<<<<<<<<<<<<<<
---------------
--------------
------------
On Fri, 1 Nov 2013, Jay Hennigan wrote:
> On 11/1/13 12:04 PM, Matt Yaklin wrote:
>>
>> Approx 60-70 calls.
>
> If more than one overlapping you can rule out the physical FXO port.
>
> --
> Jay Hennigan - CCIE #7880 - Network Engineering - [email protected]
> Impulse Internet Service - http://www.impulse.net/
> Your local telephone and internet company - 805 884-6323 - WB6RDV
> _______________________________________________
> VoiceOps mailing list
> [email protected]
> https://puck.nether.net/mailman/listinfo/voiceops
>
------------------------------
Subject: Digest Footer
_______________________________________________
VoiceOps mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/voiceops
------------------------------
End of VoiceOps Digest, Vol 53, Issue 2
***************************************
