Hello everyone,
I’m currently facing a challenge with a standard Janus setup, where we use the Janus WebSockets Interface along with the Janus SIP plugin. This setup enables app users to register on a SIP server, facilitating both outgoing and incoming calls. The setup is on a VPS with a public IP, and we’re using SIP over UDP. So far, so good.
However, we’ve hit a snag. Users have started receiving unsolicited incoming calls from unknown numbers. After analyzing tcpdump logs on the VPS, it’s apparent that these calls originate from an unknown IP, not the registered SIP server (which operates in proxy mode, implying all calls should only come from its IP). These calls target dynamically allocated ports, not the standard 5060. It appears to be the work of a SIP crawler script, mistakenly probing for a SIP trunk on my server, resulting in these nuisance calls.
I’m exploring solutions but facing constraints:
- A firewall rule isn’t feasible due to the dynamic nature of the SIP server IPs our users may register with.
- Shifting to TCP for SIP signaling isn’t an option, as some older SIP servers our users rely on don’t support TCP.
This leads to my question, as per the topic title: Is there a way to configure the Janus SIP plugin (or perhaps with some Sofia-SIP settings) to only accept incoming calls from the SIP server it’s registered with?
Any suggestions, workarounds, or insights into how others might have tackled a similar issue would be greatly appreciated.
Thank you in advance for your help!