The SIP trace shows messages from what I took to be a suspicious
connection from sip:ping@noname.com so I added that IP address to
iptables... but then anveo showed as unreachable so I removed that rule.
Yes, I'm running fail2ban.

What are these messages from sip:ping@noname.com? The domain name alone
set off alarm bells for me. (I was looking for my own registration
attempts when I turned on SIP debugging.)

SIP trace:

fqdn*CLI>
fqdn*CLI> sip set debug on
SIP Debugging enabled
fqdn*CLI>
<--- SIP read from UDP:67.212.84.21:5010 --->
OPTIONS sip:s@xxx.xxx.xxx.xxx:5060 SIP/2.0
Via: SIP/2.0/UDP 67.212.84.21:5010;branch=0
From: sip:ping@noname.com;tag=uloc-5875e606-bf5-dea1e-52564b36-00fe47a3
To: sip:s@xxx.xxx.xxx.xxx:5060
Call-ID: cb004ab7-97b14601-e7ade23@67.212.84.21
CSeq: 1 OPTIONS
Content-Length: 0
<------------->
--- (7 headers 0 lines) ---
Sending to 67.212.84.21:5010 (NAT)
Looking for s in default (domain xxx.xxx.xxx.xxx)
<--- Transmitting (NAT) to 67.212.84.21:5010 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 67.212.84.21:5010;branch=0;received=67.212.84.21;rport=5010
From: sip:ping@noname.com;tag=uloc-5875e606-bf5-dea1e-52564b36-00fe47a3
To: sip:s@xxx.xxx.xxx.xxx:5060;tag=as5f595fce
Call-ID: cb004ab7-97b14601-e7ade23@67.212.84.21
CSeq: 1 OPTIONS
Server: Asterisk PBX 13.1.0~dfsg-1.1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: <sip:xxx.xxx.xxx.xxx:5060>
Accept: application/sdp
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog 'cb004ab7-97b14601-e7ade23@67.212.84.21' in 32000 ms (Method: OPTIONS)
Really destroying SIP dialog 'cb004ab7-90004601-06ade23@67.212.84.21' Method: OPTIONS
Reliably Transmitting (NAT) to 67.212.84.21:5010:
OPTIONS sip:sip.anveo.com SIP/2.0
Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;branch=z9hG4bK601302be;rport
Max-Forwards: 70
From: "asterisk" <sip:asterisk@xxx.xxx.xxx.xxx>;tag=as194a0afc
To: <sip:sip.anveo.com>
Contact: <sip:asterisk@xxx.xxx.xxx.xxx:5060>
Call-ID: 6e15b7534a1b1e852464e02a5fca4e42@xxx.xxx.xxx.xxx:5060
CSeq: 102 OPTIONS
User-Agent: Asterisk PBX 13.1.0~dfsg-1.1ubuntu4
Date: Wed, 11 Jan 2017 14:56:43 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0
---
<--- SIP read from UDP:67.212.84.21:5010 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;branch=z9hG4bK601302be;rport=5060;received=xxx.xxx.xxx.xxx
From: "asterisk" <sip:asterisk@xxx.xxx.xxx.xxx>;tag=as194a0afc
To: <sip:sip.anveo.com>;tag=a1766e4537c6d6082807422b1789bf43.b9ae
Call-ID: 6e15b7534a1b1e852464e02a5fca4e42@xxx.xxx.xxx.xxx:5060
CSeq: 102 OPTIONS
Server: Anv Edge Proxy 3.5
Content-Length: 0
<------------->
--- (8 headers 0 lines) ---
Really destroying SIP dialog '6e15b7534a1b1e852464e02a5fca4e42@xxx.xxx.xxx.xxx:5060' Method: OPTIONS
fqdn*CLI> sip set debug off
SIP Debugging Disabled
fqdn*CLI>
fqdn*CLI> sip show peers
Name/username      Host           Dyn  Forcerport  Comedia  ACL  Port  Status      Description
anveo/1234567890   67.212.84.21        Yes         Yes           5010  OK (78 ms)
demo_alice         (Unspecified)  D    Yes         Yes           0     UNKNOWN
demo_bob           (Unspecified)  D    Yes         Yes           0     UNKNOWN
piter              (Unspecified)  D    Yes         Yes           0     UNKNOWN
thufir             (Unspecified)  D    Yes         Yes           0     UNKNOWN
5 sip peers [Monitored: 1 online, 4 offline Unmonitored: 0 online, 0 offline]
fqdn*CLI>
fqdn*CLI> sip show peer anveo
* Name : anveo
Description :
Secret : <Set>
MD5Secret : <Not set>
Remote Secret: <Not set>
Context : from-anveo
Record On feature : automon
Record Off feature : automon
Subscr.Cont. : <Not set>
Language :
Tonezone : <Not set>
AMA flags : Unknown
Transfer mode: open
CallingPres : Presentation Allowed, Not Screened
Callgroup :
Pickupgroup :
Named Callgr :
Nam. Pickupgr:
MOH Suggest :
Mailbox :
VM Extension : asterisk
LastMsgsSent : 0/0
Call limit : 0
Max forwards : 0
Dynamic : No
Callerid : "" <>
MaxCallBR : 384 kbps
Expire : -1
Insecure : port,invite
Force rport : Yes
Symmetric RTP: Yes
ACL : No
DirectMedACL : No
T.38 support : No
T.38 EC mode : Unknown
T.38 MaxDtgrm: 4294967295
DirectMedia : Yes
PromiscRedir : No
User=Phone : No
Video Support: No
Text Support : No
Ign SDP ver : No
Trust RPID : No
Send RPID : No
Path support : No
Path : N/A
TrustIDOutbnd: Legacy
Subscriptions: Yes
Overlap dial : Yes
DTMFmode : rfc2833
Timer T1 : 500
Timer B : 32000
ToHost : sip.anveo.com
Addr->IP : 67.212.84.21:5010
Defaddr->IP : (null)
Prim.Transp. : UDP
Allowed.Trsp : UDP
Def. Username: 1234567890
SIP Options : (none)
Codecs : (ulaw)
Auto-Framing : No
Status : OK (78 ms)
Useragent :
Reg. Contact :
Qualify Freq : 60000 ms
Keepalive : 0 ms
Sess-Timers : Accept
Sess-Refresh : uas
Sess-Expires : 1800 secs
Min-Sess : 90 secs
RTP Engine : asterisk
Parkinglot :
Use Reason : No
Encryption : No
fqdn*CLI>
fqdn*CLI> sip show registry
Host                dnsmgr  Username    Refresh  State       Reg.Time
sip.anveo.com:5010  N       1234567890  165      Registered  Wed, 11 Jan 2017 14:55:28
1 SIP registrations.
fqdn*CLI>
fqdn*CLI>
thanks,
Thufir
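
Added example, not part of the original post: before firewalling a source address seen in `sip set debug` output, it can be checked against the addresses of configured peers as reported by `sip show peer`. The sketch below does that for text shaped like the output above; the second packet, its 203.0.113.7 source, the shortened tag and all function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of the chan_sip debug output above.
TRACE = """\
<--- SIP read from UDP:67.212.84.21:5010 --->
OPTIONS sip:s@xxx.xxx.xxx.xxx:5060 SIP/2.0
Via: SIP/2.0/UDP 67.212.84.21:5010;branch=0
From: sip:ping@noname.com;tag=uloc-5875e606
<------------->
<--- SIP read from UDP:203.0.113.7:5060 --->
OPTIONS sip:100@xxx.xxx.xxx.xxx SIP/2.0
From: "probe" <sip:100@example.invalid>;tag=abc
<------------->
<--- SIP read from UDP:67.212.84.21:5010 --->
SIP/2.0 200 OK
From: "asterisk" <sip:asterisk@xxx.xxx.xxx.xxx>;tag=as194a0afc
<------------->
"""
PEER_OUTPUT = "  * Name       : anveo\n  Addr->IP     : 67.212.84.21:5010\n"

READ_RE = re.compile(r"^<--- SIP read from \w+:([\d.]+):(\d+) --->$")
REQ_RE = re.compile(r"^([A-Z]+) sip:\S+ SIP/2\.0$")

def parse_peers(text):
    """Map peer IP -> peer name from `sip show peer <name>` output."""
    peers, name = {}, None
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key.lstrip("* ") == "Name":
            name = value
        elif key == "Addr->IP" and name:
            ip, _, port = value.rpartition(":")
            if port.isdigit():          # unregistered peers show "(null)"
                peers[ip] = name
    return peers

def inbound_requests(trace):
    """Yield (ip, port, method, from_header) for each request Asterisk read."""
    src = method = None
    for line in trace.splitlines():
        m = READ_RE.match(line)
        if m:
            src, method = (m.group(1), int(m.group(2))), None
        elif src and method is None:    # first line after the banner
            r = REQ_RE.match(line)
            method = r.group(1) if r else None
            src = src if r else None    # status line: a response, skip it
        elif src and line.startswith("From:"):
            yield (*src, method, line[5:].strip())
            src = None

def classify(trace, peer_output):
    """Label each inbound request with the peer that owns its source IP."""
    peers = parse_peers(peer_output)
    return [(f"{ip}:{port}", method, frm, peers.get(ip, "UNKNOWN"))
            for ip, port, method, frm in inbound_requests(trace)]

if __name__ == "__main__":
    for row in classify(TRACE, PEER_OUTPUT):
        print(row)
```

A source labelled with a peer name is one whose IP a drop rule would also cut off for that peer's own traffic; only the UNKNOWN rows are candidates for a block.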