[asterisk-users] SIP client floods port 5060 and gets blocked
Jonas Kellens
jonas.kellens at telenet.be
Thu Oct 28 02:38:58 CDT 2010
Hello,
Is there any reason why an IP-phone would pounder on port 5060 ? My
firewall blocks the public IP because it thinks the remote IP is port
scanning on port 5060.
I think the phone is just registering but for some reason it does this
repeatedly in a very short time.
Oct 28 09:01:48 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48073 DF PROTO=UDP
SPT=2367 DPT=5060 LEN=676
Oct 28 09:01:49 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48074 DF PROTO=UDP
SPT=2367 DPT=5060 LEN=676
Oct 28 09:01:50 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48075 DF PROTO=UDP
SPT=2367 DPT=5060 LEN=676
Oct 28 09:01:52 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48076 DF PROTO=UDP
SPT=2367 DPT=5060 LEN=676
Oct 28 09:01:56 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48077 DF PROTO=UDP
SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:00 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48078 DF PROTO=UDP
SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:04 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48079 DF PROTO=UDP
SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:08 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48083 DF PROTO=UDP
SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:12 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48084 DF PROTO=UDP
SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:16 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48085 DF PROTO=UDP
SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:20 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48087 DF PROTO=UDP
SPT=2367 DPT=5060 LEN=676
Any input on this ?!
Kind regards,
Jonas.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101028/88d517e4/attachment-0001.htm
More information about the asterisk-users
mailing list