[Asterisk-Users] Strange connection to the outside...

Stewart Nelson sn at scgroup.com
Fri Jun 4 04:44:56 MST 2004


Hi Martin,

This looks like a SIP reply.
I suspect that a misconfigured SIP phone or proxy is inserting
a Via: header that contains the 195.77 address, or a name that
resolves to it.  Capture the packet text with your firewall,
or by running Ethereal on your * machine, or with * itself,
and the other headers should lead you to the source.

Otherwise, it's possible that an external INVITE is somehow
getting in.  It's plausible that a travel company would be
using VoIP.

inetnum: 195.77.113.192 - 195.77.113.223
netname: V-SOLTOUR
descr: Viajes Soltour
descr: Corporate Access
country: ES
admin-c: MR6821-RIPE
tech-c: MR6821-RIPE
status: ASSIGNED PA
mnt-by: MAINT-AS3352
changed: administracion.ripe at telefonica-data.com 19991123
changed: administracion.ripe at telefonica-data.com 20030725
source: RIPE

person: Mateo Ramon
address: Viajes Soltour
address: Casp 17, 3 Planta
address: Barcelona 08010
address: SPAIN
phone: +34 971 787000
fax-no: +34 971 457106
e-mail: root at v-soltour.es
nic-hdl: MR6821-RIPE
mnt-by: MAINT-AS3352
changed: olga.luna at telefonica-data.com 19991123
source: RIPE

--Stewart


-----Original Message-----
Date: Fri, 04 Jun 2004 10:30:30 +0200
From: Martin Mielke <martin.mielke at thales-is.com>
To: asterisk-users at lists.digium.com
Subject: [Asterisk-Users] Strange connection to the outside...
Reply-To: asterisk-users at lists.digium.com

Hi all,

for some strange reason, our still-under-test Asterisk deployment wants 
to contact the outside world and that raised some eyebrows here...

Just a sample of our firewall log:
--
...a=DROPIN=eth0 OUT=eth2 SRC=192.168.36.199 DST=195.77.113.194 LEN=476 
TOS=0x10 PREC=0x00 TTL=62 ID=39572 DF PROTO=UDP SPT=5060 DPT=62975 LEN=456
--

Why is this happening? We got no relationship with the DST IP address 
and external access is not allowed.


Any ideas?


Martin
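
Stewart's suggestion above (capture the SIP text and read the Via: header), as an added example that is not part of the original thread: it works out where a UDP reply is sent from the top Via: of a captured message and collects the headers that point at the sender. INTERNAL_NETS, the function names and the sample capture are assumptions made for illustration; only the two IP addresses and port 62975 come from the firewall log.

```python
import ipaddress
import re

# Assumption: the range this site treats as internal; adjust to your own networks.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]

# Constructed capture of a SIP reply. Only 192.168.36.199, 195.77.113.194 and
# port 62975 come from the firewall log; every other value is made up.
SAMPLE = "\r\n".join([
    "SIP/2.0 200 OK",
    "Via: SIP/2.0/UDP 195.77.113.194:62975;branch=z9hG4bK-constructed",
    "Call-ID: constructed-1@192.168.36.50",
    "Contact: <sip:100@192.168.36.50:5060>",
    "User-Agent: ExamplePhone 1.0",
    "", ""])

def headers(message):
    """(name, value) pairs in order; names lower-cased, compact 'v' expanded to 'via'."""
    out = []
    for line in message.split("\r\n")[1:]:
        if not line:
            break                                  # blank line ends the header block
        name, _, value = line.partition(":")
        name = name.strip().lower()
        out.append(("via" if name == "v" else name, value.strip()))
    return out

def reply_destination(message):
    """(host, port) a UDP reply is sent to, from the top Via (RFC 3261 18.2.2, RFC 3581)."""
    top = next(v for n, v in headers(message) if n == "via").split(",")[0]
    sent_by, *rest = [part.strip() for part in top.split(None, 1)[1].split(";")]
    params = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in rest)}
    host, port = re.fullmatch(r"(\[[^\]]+\]|[^:\s]+)\s*(?::\s*(\d+))?", sent_by).groups()
    if "maddr" in params:
        host = params["maddr"]
    elif "received" in params:                     # rport only counts together with received
        host, port = params["received"], params.get("rport") or port
    return host.strip("[]"), int(port or 5060)

def triage(message):
    """Classify the reply destination and collect the headers that identify the sender."""
    host, port = reply_destination(message)
    try:
        addr = ipaddress.ip_address(host)
        verdict = "internal" if any(addr in n for n in INTERNAL_NETS) else "external"
    except ValueError:
        verdict = "hostname"                       # a name: resolve it before deciding
    clues = {n: v for n, v in headers(message) if n in ("contact", "user-agent", "call-id")}
    return {"destination": (host, port), "verdict": verdict, "clues": clues}
```

An "external" verdict alongside an internal Contact: or Call-ID host matches the misconfigured-phone case; an external address in those headers as well would fit the other possibility, a request arriving from outside.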



