OK, I need a bit of help here. I'm configuring a new Asterisk 11 system and I accidentally let my firewall rules drop for a day or so. When I logged in today, I found messages like the ones below on my asterisk console. Obviously somebody was trying to take advantage of my carelessness. So can someone explain what would cause these types of messages to show up on my console?

I understand that my iptables would have stopped this but I'm just trying to understand more about the problem. What other settings might have stopped this? Fail2ban was running but there were no "failed registration" type messages that would have triggered it.

[May 31 01:47:40] NOTICE[2544][C-00000001] chan_sip.c: Call from '' (188.161.238.232:28203) to extension '972595595767' rejected because extension not found in context 'default'.
[May 31 01:47:40] VERBOSE[2544][C-00000002] netsock2.c: == Using SIP RTP CoS mark 5
[May 31 01:47:40] NOTICE[2544][C-00000002] chan_sip.c: Call from '' (188.161.238.232:28203) to extension '00972595595767' rejected because extension not found in context 'default'.
[May 31 01:47:41] VERBOSE[2544][C-00000003] netsock2.c: == Using SIP RTP CoS mark 5
[May 31 01:47:41] NOTICE[2544][C-00000003] chan_sip.c: Call from '' (188.161.238.232:28203) to extension '000972595595767' rejected because extension not found in context 'default'.
[May 31 01:47:41] VERBOSE[2544][C-00000004] netsock2.c: == Using SIP RTP CoS mark 5
[May 31 01:47:41] NOTICE[2544][C-00000004] chan_sip.c: Call from '' (188.161.238.232:28203) to extension '011972595595767' rejected because extension not found in context 'default'.
<snip>

--
Chris

... an anonymous (not registered) sip user from 188.161.238.232 was trying to initiate a call to 9725955 and so on... you could enable sip tracing to get more information. maybe you should change the 'allowguest' option in sip.conf..?

regards,
yves

On 31.05.2013 23:57, Chris Gentle wrote:
> OK, I need a bit of help here. I'm configuring a new Asterisk 11
> system and I accidentally let my firewall rules drop for a day or so.
> When I logged in today, I found messages like the ones below on my
> asterisk console. Obviously somebody was trying to take advantage of
> my carelessness. So can someone explain what would cause these types
> of messages to show up on my console?
>
> I understand that my iptables would have stopped this but I'm just
> trying to understand more about the problem. What other settings
> might have stopped this? Fail2ban was running but there were no
> "failed registration" type messages that would have triggered it.
>
> [May 31 01:47:40] NOTICE[2544][C-00000001] chan_sip.c: Call from ''
> (188.161.238.232:28203) to extension '972595595767' rejected because
> extension not found in context 'default'.
> [May 31 01:47:40] VERBOSE[2544][C-00000002] netsock2.c: == Using SIP
> RTP CoS mark 5
> [May 31 01:47:40] NOTICE[2544][C-00000002] chan_sip.c: Call from ''
> (188.161.238.232:28203) to extension '00972595595767' rejected because
> extension not found in context 'default'.
> [May 31 01:47:41] VERBOSE[2544][C-00000003] netsock2.c: == Using SIP
> RTP CoS mark 5
> [May 31 01:47:41] NOTICE[2544][C-00000003] chan_sip.c: Call from ''
> (188.161.238.232:28203) to extension '000972595595767' rejected
> because extension not found in context 'default'.
> [May 31 01:47:41] VERBOSE[2544][C-00000004] netsock2.c: == Using SIP
> RTP CoS mark 5
> [May 31 01:47:41] NOTICE[2544][C-00000004] chan_sip.c: Call from ''
> (188.161.238.232:28203) to extension '011972595595767' rejected
> because extension not found in context 'default'.
> <snip>
>
>
> --
> Chris
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>

Top of sip.conf

<quote>
;
; SIP Configuration example for Asterisk
;
; Note: Please read the security documentation for Asterisk in order to
; understand the risks of installing Asterisk with the sample
; configuration. If your Asterisk is installed on a public
; IP address connected to the Internet, you will want to learn
; about the various security settings BEFORE you start
; Asterisk.
;
; Especially note the following settings:
; - allowguest (default enabled)
; - permit/deny/acl - IP address filters
; - contactpermit/contactdeny/contactacl - IP address filters for registrations
; - context - Which set of services you offer various users
;
</quote>

In other words: allowguest = yes, is the default. But in trunk the context for guest is [public], yours started in the [default] context

Alec

> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of
> Chris Gentle
> Sent: Saturday, 1 June 2013 9:57 a.m.
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: [asterisk-users] Help me understand these log messages
>
> OK, I need a bit of help here. I'm configuring a new
> Asterisk 11 system and I accidentally let my firewall rules
> drop for a day or so.
> When I logged in today, I found messages like the ones below
> on my asterisk console. Obviously somebody was trying to
> take advantage of my carelessness. So can someone explain
> what would cause these types of messages to show up on my console?
>
> I understand that my iptables would have stopped this but I'm
> just trying to understand more about the problem. What other
> settings might have stopped this? Fail2ban was running but
> there were no "failed registration" type messages that would
> have triggered it.
>
> [May 31 01:47:40] NOTICE[2544][C-00000001] chan_sip.c: Call from ''
> (188.161.238.232:28203) to extension '972595595767' rejected
> because extension not found in context 'default'.
> [May 31 01:47:40] VERBOSE[2544][C-00000002] netsock2.c: == Using SIP
> RTP CoS mark 5
> [May 31 01:47:40] NOTICE[2544][C-00000002] chan_sip.c: Call from ''
> (188.161.238.232:28203) to extension '00972595595767'
> rejected because extension not found in context 'default'.
> [May 31 01:47:41] VERBOSE[2544][C-00000003] netsock2.c: == Using SIP
> RTP CoS mark 5
> [May 31 01:47:41] NOTICE[2544][C-00000003] chan_sip.c: Call from ''
> (188.161.238.232:28203) to extension '000972595595767'
> rejected because extension not found in context 'default'.
> [May 31 01:47:41] VERBOSE[2544][C-00000004] netsock2.c: == Using SIP
> RTP CoS mark 5
> [May 31 01:47:41] NOTICE[2544][C-00000004] chan_sip.c: Call from ''
> (188.161.238.232:28203) to extension '011972595595767'
> rejected because extension not found in context 'default'.
> <snip>
>
>
> --
> Chris
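
The rejected-call NOTICE lines quoted in this thread can be matched directly, independent of any registration-failure message. The following is an added example, not part of the original posts or of Asterisk itself: it parses that exact message format and flags a source IP that racks up several rejections in a short span. The function names, the threshold of 3 and the 60-second window are assumptions chosen for illustration; the year 2013 comes from the mail date in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Console lines as quoted in the thread (wrapped mail lines rejoined).
SAMPLE_LOG = """\
[May 31 01:47:40] NOTICE[2544][C-00000001] chan_sip.c: Call from '' (188.161.238.232:28203) to extension '972595595767' rejected because extension not found in context 'default'.
[May 31 01:47:40] VERBOSE[2544][C-00000002] netsock2.c: == Using SIP RTP CoS mark 5
[May 31 01:47:40] NOTICE[2544][C-00000002] chan_sip.c: Call from '' (188.161.238.232:28203) to extension '00972595595767' rejected because extension not found in context 'default'.
[May 31 01:47:41] VERBOSE[2544][C-00000003] netsock2.c: == Using SIP RTP CoS mark 5
[May 31 01:47:41] NOTICE[2544][C-00000003] chan_sip.c: Call from '' (188.161.238.232:28203) to extension '000972595595767' rejected because extension not found in context 'default'.
[May 31 01:47:41] VERBOSE[2544][C-00000004] netsock2.c: == Using SIP RTP CoS mark 5
[May 31 01:47:41] NOTICE[2544][C-00000004] chan_sip.c: Call from '' (188.161.238.232:28203) to extension '011972595595767' rejected because extension not found in context 'default'.
"""

# Matches only the chan_sip "extension not found" rejection shown above.
REJECT_RE = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\](?:\[C-[0-9a-f]+\])? "
    r"chan_sip\.c: Call from '(?P<user>[^']*)' \((?P<ip>[0-9.]+):(?P<port>\d+)\) "
    r"to extension '(?P<exten>[^']*)' rejected because extension not found "
    r"in context '(?P<ctx>[^']*)'\.$"
)

def parse_rejections(text, year=2013):
    """Return (time, source_ip, extension, context) per rejected call; the log omits the year."""
    events = []
    for line in text.splitlines():
        m = REJECT_RE.match(line.strip())
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((when, m["ip"], m["exten"], m["ctx"]))
    return events

def find_probers(events, threshold=3, window=timedelta(seconds=60)):
    """Map each IP with >= threshold rejections inside `window` to the extensions it tried."""
    by_ip = defaultdict(list)
    for when, ip, exten, _ctx in events:
        by_ip[ip].append((when, exten))
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({exten for _, exten in hits})
                break
    return flagged
```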