Browse Category

Technical Hints

IP phone web interface security

Security of IP telephony systems is a hot topic at the moment, it has been for quite some time and is should always be at the forefront of anyone’s mind when setting up such a system.

There are loads of methods and applications for securing PBXs and the like but something I often see overlooked is security of the actual phones themselves.

The usual threat is someone obtaining SIP credentials by looking at the phone’s web interface. In some cases, IP phone devices have the password displayed in plain-text for all to see. Slightly better implemented GUIs have the password obfuscated when you look at the page but still readable by viewing the page source code in your web browser.

If ProVu ever become aware of any products we sell with either of these issues, we push the manufacturer make changes to hide the password at all times.

Further to this though, anyone installing IP phones should really set strong web interface usernames and passwords. I see phones put on public IP addresses or sometimes with port forwards (often for support purposes) that have no passwords set! This is like leaving the front door to your house wide open while you go out to work all day. Please remember to set a username and password. If a phone comes with a default username and password then do not leave this set as you can be certain the people who want to break into your phone will know default passwords for various phones.

ProVu can set usernames and passwords for phones using our provisioning services:

ProVu fulfilment services

cheers,
Paul.

Draytek 2820 known issue with current firmware

Over the last few weeks we have been taking lots of support calls from people with NAT issues with phones using Draytek routers.

The 2820 seems to be the main router affected but it could be others.

The problem manifests itself with SIP phones losing Registration to the SIP server with 408 time-out messages. In most cases it is weird in that some phones on the network will work fine and others wont.

The fix (which is confirmed by Draytek themselves to a couple of my customers) is to downgrade to firmware version “333”.

This problem occurs even if you have the SIP ALG turned off. Please ensure the ALG is off as this can cause even more problems, it is usually off by default these days.

As a side note, please make sure you are not using a Draytek router with “voip” ports, the model number will usually have a “v” in it. These are not suitable for use with stand-alone SIP phones connected to the network, they are only use if you are ONLY using the built-in VoIP ports. There is no fix other than swapping the router out as far as I’m aware.

cheers,
Paul.

SnomONE and Voipfone

I’ve just diagnosed an issue a customer had getting a Voipfone SIP trunk Registered on a SnomONE PBX.

The trick to getting this to work is:

    • Turn on long SIP headers. Go to the admin, general settings page and set “Use Short SIP Headers” to “long”

 

    • If you are using IP access control then you need to enable the IP range 195.189.172.1 – 195.189.173.254 to ensure Voipfone will work

 

SnomOne more info

Upgrade your old phones for security

We’ve heard a few reports of VoIP fraud from hackers extracting SIP details from phones.

Problems usually from a combination of very old phone firmware, on a public IP address (no firewall) and no password on the web interface.

Tips

  • Put password on web interfaces
  • Upgrade old phone firmware. We suggest any Snom older than version 7.3.14 or Yealink older than version 60 is upgraded.

ProVu can help arrange this for customers who take our ProSys managed phone service.

If in any doubt please get in touch.

ProSys Provisioning Questions

ProVu are receiving a lot of of enquiries about our new ProSys phone provisioning and management system.

Some common questions and answers below.

The ability to download stock/pricing will be useful to us as we
already run an in-house database for quoting and splitting e-commerce
orders to the current best price/stock suppliers.

This bit is easy

https://secure.provu.co.uk/prosys/price_list.php?XML=yes

or

https://secure.provu.co.uk/prosys/price_list.php?CSV=yes

Using your prosys username and password.

We may not use the XML ordering immediately but would be interested
in doing so. If we need to do this in order to take advantage of
provisioning then this wouldn’t be an issue.

You don’t need to use XML ordering from day 1. You can just place the orders manually using the online order form.

We can also test your first few orders here before the phones get shipped to makesure everything is working properly.

It would be very interesting if we were able to place orders whereby the phone arrives at the customer and provisions complete with the SIP line configuration as this would drastically reduce the turn around and shipping costs for our customers as we would not have to
either have the unit shipped to us first or go out to site to configure new phones. Is this what your provisioning service is about?

Yes. this is exactly what the system is designed to do. You place the order (manually or automatically using XML) including the delivery address and SIP details. We ship the phone to your end user with the configuration details ready to go and branded like it came from you.

So that is provisioning.

The next bit is phone management, which is for phones after they have been deployed. You can edit settings and view diagnostics on phones deployed onsite.

Common VoIP poor call quality symptoms and causes

We get asked this a fair bit here, I’ve compiled a quick list of the most common symptoms and causes with some possible solutions too:

Symptom: caller or callee hearing any of the following – clicks, periods of silence (voice stopping and starting), “robotic” sounding voice. This is by far the most common issue.

Cause: packet loss, can be due to lots of things, insufficient Internet bandwidth, lack of QoS on a connection shared with data, faulty network equipment (can include poor cabling), problems at the ISP.

More on bandwidth: a normal g711a VoIP call will require approximately 100kbps in both directions on the wire. The actual audio part is 64kbps but then you have to factor in RTP headers, IP headers, UDP headers etc… So it doesn’t matter if you have a 10Mbps Internet connection if this only has 256kbps, then you will only ever get two VoIP calls and even this assumes you are doing pretty much nothing else with it.

—-

Symptom: crackling during phone calls.

Cause: This is going to be a hardware issue with something like the phone’s handset or handset cable. Or headset if a headset is being used.

—-

Symptom: echo during calls, either the caller or callee hears their own voice coming back at them a fraction of a second after they spoke.

Cause: the fault usually lies with the person not hearing the echo. I.E. if a person you have phoned complains of echo then it is more than likely something on your phone causing it. The most common cause is people having handset volume turned up miles too loud, microphone gain too high or using a very poor quality handset or headset. It’s normally going to be an acoustic problem. Although it can also be caused by phones with extremely poor quality hardware and not very good echo cancellation routines (was common in the very early days of VoIP).

—-

Symptom: calls are too quiet, people who call me can’t hear me or I can’t hear them. My phone handset/headset volume is at full.

Cause: this is usually caused at the point where a call is translated from one format to another, such as inside a PBX converting an ISDN call to a SIP/RTP call. The fault needs to be fixed where at the cause rather than trying to mask the problem by turning handset volume up too loud (as this is likely lead to other problems such as echo on other calls). Most PBX systems will have settings to adjust gain levels when converting calls from one format to another. If this only occurs when using a headset, then check you are using the correct one for your phone.

—-

Symptom: when using a headset, the person I am talking to can hear a buzzing on the line. For those in the know, it is a 50Hz “mains buzz”.

Cause: this is caused by electrical interference being picked up by your headset’s cable. Causes can be faulty electrical equipment (computer, computer screen etc…) nearby. One solution is to ground your phone somehow. Either install fully shielded network cabling (which isn’t much use if you already have unshielded UTP cable installed throughout your building!). Or power your phone with a fully earth power supply, these are identifiable as they will have a 3-pin “IEC” connector from the wall socket to the power brick. Fortunately there is an easier answer which is to buy a headset which has a better quality shielded microphone.

—-

Disable SIP ALGs on Draytek Routers

Many commercial routers now a days are coming with SIP ALG`s turned on by default. This feature is suppose to help with Nat related issues but in majority it break the implementation and cause issues such as one way audio, lack of incoming calls, registration issues and etc.

Recently, We have received couple of calls regarding IP phones not working behind DreyTek routers. The reason is same SIP ALG.

If you are a victim of this feature please disable it using the following procedure.

Telnet into the router and enter the following command.

1. > sys sip_alg 0 — Disables sip alg

2. > sys commit — Apply changes

3. > sys reboot — Reboot router

Once router is back online, reboot the ip phone or press re-register.

Disable SIP ALGs on Thomson routers

This has cropped up a few times of late.

You need to telnet into the router:

Administrator is the default user on the box.

You should get something similar to below after doing this.



------------------------------------------------------------------------



                            ______  Thomson TG585 v7

                        ___/_____/

                       /         /  7.4.20.3

                 _____/__       /  

               _/       /\_____/___   Copyright (c) 1999-2008, THOMSON

              //       /         / 

      _______//_______/         / _/______

     /      /            /    / /        /

  __/      /            /    / /        / _\__

 / /      /     \_______/    / /        / /   /

/_/______/___________________/ /________/ /___/  

           ___________                   /

 \_        /          /              \___/

          /          /                 /

     \_____/          /         \________/

          /__________/            /

             _____        /_____/

            /    /      /___/

            /____/      /

                  /___/

             \____/



------------------------------------------------------------------------

_{Administrator}=>

connection unbind application=SIP port=5060
saveall <Enter>

M3 HS Speaker problem

Recently, customers have reported that M3HS speakers are creating problems for them.

Some of the main issues are

1) Voice keeps cutting off during a call on speakers
2) M3 HS ringer not working
3) Voice quality is poor

Good news is, there is a firmware update that resolve most of these issues.

<%ThickBox(http://blog.provu.co.uk/media/5/20100630-unnamed.jpg|Snom M3)%>

I’d like to encourage all of you (who are still using an M3) to perform an update to this version following the instructions here:

http://wiki.snom.com/Snom_m3/Firmware/Beta

Please report any issues you might encounter.

Tesco Cancels VoIP Service – Unlock Gigaset Code

Tesco will be phasing out its VoIP service, provided by Freshtel over the next few weeks. The service will be closed down completely on the 27th April 2010.

Tesco offer Gigaset handsets to their UK customers when signing up to use their VoIP service. These phones are locked to the Tesco/Freshtel service.

As ProVu are the UK Distributor for Gigaset VoIP Products, we’ve been speaking with them to find out how we can help all Tesco customers who currently have a Gigaset DECT phone, which they cannot currently use with another VoIP provider.

Gigaset have supplied ProVu with a simple document instructing you how to unlock your phone, so that it can be used with an alternate VoIP account from an ITSP or with your PBX.

For instructions on how, please just visit: http://gigaset.me.uk/