Hi all,

for some strange reason, our still-under-test Asterisk deployment wants to contact the outside world and that raised some eyebrows here...

Just a sample of our firewall log:

--
...a=DROPIN=eth0 OUT=eth2 SRC=192.168.36.199 DST=195.77.113.194 LEN=476 TOS=0x10 PREC=0x00 TTL=62 ID=39572 DF PROTO=UDP SPT=5060 DPT=62975 LEN=456
--

Why is this happening? We got no relationship with the DST IP address and external access is not allowed.

Any ideas?

Martin

Stewart Nelson
2004-Jun-04 04:44 UTC
[Asterisk-Users] Strange connection to the outside...
Hi Martin,

This looks like a SIP reply. I suspect that a misconfigured SIP phone or proxy is inserting a Via: header that contains the 195.77 address, or a name that resolves to it. Capture the packet text with your firewall, or by running Ethereal on your * machine, or with * itself, and the other headers should lead you to the source.

Otherwise, it's possible that an external INVITE is somehow getting in. It's plausible that a travel company would be using VoIP.

inetnum:      195.77.113.192 - 195.77.113.223
netname:      V-SOLTOUR
descr:        Viajes Soltour
descr:        Corporate Access
country:      ES
admin-c:      MR6821-RIPE
tech-c:       MR6821-RIPE
status:       ASSIGNED PA
mnt-by:       MAINT-AS3352
changed:      administracion.ripe@telefonica-data.com 19991123
changed:      administracion.ripe@telefonica-data.com 20030725
source:       RIPE

person:       Mateo Ramon
address:      Viajes Soltour
address:      Casp 17, 3 Planta
address:      Barcelona 08010
address:      SPAIN
phone:        +34 971 787000
fax-no:       +34 971 457106
e-mail:       root@v-soltour.es
nic-hdl:      MR6821-RIPE
mnt-by:       MAINT-AS3352
changed:      olga.luna@telefonica-data.com 19991123
source:       RIPE

--Stewart

-----Original Message-----
Date: Fri, 04 Jun 2004 10:30:30 +0200
From: Martin Mielke <martin.mielke@thales-is.com>
To: asterisk-users@lists.digium.com
Subject: [Asterisk-Users] Strange connection to the outside...
Reply-To: asterisk-users@lists.digium.com

Hi all,

for some strange reason, our still-under-test Asterisk deployment wants to contact the outside world and that raised some eyebrows here...

Just a sample of our firewall log:

--
...a=DROPIN=eth0 OUT=eth2 SRC=192.168.36.199 DST=195.77.113.194 LEN=476 TOS=0x10 PREC=0x00 TTL=62 ID=39572 DF PROTO=UDP SPT=5060 DPT=62975 LEN=456
--

Why is this happening? We got no relationship with the DST IP address and external access is not allowed.

Any ideas?

Martin
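
The check suggested in the reply above, as an added example that is not part of the original thread: given the text of a captured SIP request, work out where the response will be sent from its topmost Via header and flag targets outside the internal network. The sample request, the internal range and all function names are assumptions made for illustration; only the two IP addresses and the port come from the firewall log line.

```python
import ipaddress
import re

# Constructed sample request; only the IP addresses/port of the first Via come from the log.
SAMPLE_REQUEST = (
    "OPTIONS sip:100@192.168.36.199 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 195.77.113.194:62975;branch=z9hG4bK-constructed1\r\n"
    "Via: SIP/2.0/UDP 192.168.36.10:5060;branch=z9hG4bK-constructed2\r\n"
    "From: <sip:a@example.invalid>;tag=1\r\n"
    "To: <sip:100@192.168.36.199>\r\n"
    "Call-ID: constructed@example.invalid\r\n"
    "CSeq: 1 OPTIONS\r\n"
    "Content-Length: 0\r\n\r\n"
)
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # assumption: site policy
VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*(.+)$", re.I | re.M)

def top_via(message):
    """Return the topmost Via value, i.e. the hop the response is sent back to."""
    head = message.split("\r\n\r\n", 1)[0]       # headers only, ignore the body
    m = VIA_RE.search(head)
    return m.group(1).split(",")[0].strip() if m else None

def response_target(via, default_port=5060):
    """Simplified RFC 3261 18.2.2 / RFC 3581 rule: maddr, then received, then sent-by.
    IPv4 addresses and hostnames only; bracketed IPv6 references are not handled."""
    parts = [p.strip() for p in via.split(";")]
    sent_by = parts[0].split()[-1]               # "SIP/2.0/UDP host:port" -> "host:port"
    pairs = ((p.split("=", 1) + [""])[:2] for p in parts[1:])
    params = {k.strip().lower(): v.strip() for k, v in pairs}
    host, _, port = sent_by.partition(":")
    port = int(params.get("rport") or port or default_port)
    host = params.get("maddr") or params.get("received") or host
    return host, port

def classify(host):
    """'internal', 'external', or 'hostname' (resolve it before judging)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"

def audit(message):
    """Return (host, port, verdict) for the response target, or None without a Via."""
    via = top_via(message)
    if via is None:
        return None
    host, port = response_target(via)
    return host, port, classify(host)
```

A "hostname" verdict corresponds to the "name that resolves to it" case in the reply: resolve the name with the same DNS view the Asterisk host uses before deciding whether the target is internal.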