Anybody Having Trouble Today?

[MisterEd]

My ATA has been up for periods of 16 days recently (that I have noticed, there may have been longer periods). Right now it's 9 days 11 hours. When I first got it it would reboot every 45 minutes like clockwork and drove me nuts because all my phone indicator lights all around the house would flash bright red with each reboot but support fixed that.

Maybe once a week would be a good compromise or even every day if it was done at 2 or 3AM and not during the middle of the day.

[Russell]

My ATA has been up for periods of 16 days recently (that I have noticed, there may have been longer periods). Right now it's 9 days 11 hours. When I first got it it would reboot every 45 minutes like clockwork and drove me nuts because all my phone indicator lights all around the house would flash bright red with each reboot but support fixed that.

Maybe once a week would be a good compromise or even every day if it was done at 2 or 3AM and not during the middle of the day.

I couldn't agree more. Looking at the uptime on my ATA it looks like another reboot occurred yesterday afternoon around 2:10 pm.

[tritch]

I couldn't agree more. Looking at the uptime on my ATA it looks like another reboot occurred yesterday afternoon around 2:10 pm.

As a non-provisoned BYOD user, I'm not sure if this applies to your case but it might be wise to take a quick look at the data traffic to the ATA (Wireshark, etc.) using the timestamp of the reboot as a basis of analysis. I say this because you have UDP ports 5004-65000 open (much like myself until recently).

I recently started having strange random reboots on my ATA, sometimes frequently every day. By accident, I just happened to be watching the ATA when suddenly the ATA activity light started to rapidly flash along with the DSL activity light, then the ATA self-rebooted followed by 2 similar events and self-reboots all in about 30 second time span. The activity looked similar to a DoS attack and I suspected somebody was trying to hack the ATA. I installed a debug logger and waited a few hours for another ATA reboot. Sure enough it happened again, and the debug log revealed I was being hit by a "sipvicious" scan tool followed by hundreds of attempts to crack my password using unused open SIP ports. In my case, it was hitting unused ports 5064, 5074 and 5075. The IP address of the hacker was coming from China. Fortunately, I have a fairly complex password, so nothing was compromised. I also have international calling blocked in vPanel as a safeguard. What's amazing is that I released/renewed my public IP on the DSL modem and within a few hours I was hit again!!

Needless to say, I had to close up a lot of the open UDP ports in the router that were not being used by Voipo to stop the attacks. I did leave some ports open that I felt were needed to avoid any potiential dead air issues.

These are the only UDP ports that I have open now:
5004, 5012, 5079 and 35000-65000.

So far so good.....no more reboots and service is working great with no issues.

[Russell]

I tried looking at my router logs but my naive eye didn't catch anything. Another reboot earlier today when there was no one at home and based on the call logs no phone traffic. I do have a ticket open ... lets see if what comes of that.

[tritch]

Nothing showed up in my router logs either. Actually, I downloaded and installed Cisco's ATA debug syslog utility, then enabled the debug options in the ATA to capture all the traffic as per their instructions:

https://supportforums.cisco.com/docs/DOC-9897

Since your ATA is provisioned, I suppose you would have to get Support to temporairly enable the debug options in the ATA since you don't have access to the admin settings. I'm unsure whether the RT31P2 has these debug options anyway because I'm using a SPA2102.

After what happened to me, I got to wondering how many of Voipo's customers who have their ATA's directly connected to their modems (or have all those UDP ports open in their router) are being hit with these attacks and causing mysterious reboots.

[Russell]

Thanks for the info. I may look at it this weekend. For now I'm waiting to see what support comes up with.

I too have always been concerned with that huge range of ports that have been forwarded. I've been with several VOIP companies (Vonage, SunRocket, ViaTalk to name some) and I've never had to forward ports to have reliable service. And, I have international calling enabled. I'm going to ask a dumb question based on your previous post. Are these ATA's hackable in the sense can someone obtain and use my account info and thereby make international calls at "my" expense?

[tritch]

Are these ATA's hackable in the sense can someone obtain and use my account info and thereby make international calls at "my" expense?

I'm by no means an expert in this area and wish that I could answer that question. Tim and his support team would be better at answering this one. Maybe someone else who has more technical knowledge can chime in. It would seem to me that they would have to crack the account credentials which I'm pretty sure Voipo keeps fairly complex. It's also likely that Voipo has a fraud detection/prevention monitoring system in place to circumvent or limit this activity.

I doubt you would be liable for any fraudulent calls since the ATA is owned and provisioned by Voipo. I would simply disable international calls in vPanel if you use it infrequently or not at all. That's really all these hackers want to do is make international calls.