[asterisk-users] SIP client floods port 5060 and gets blocked

Jonas Kellens jonas.kellens at telenet.be
Thu Oct 28 02:38:58 CDT 2010


Hello,

Is there any reason why an IP-phone would pounder on port 5060 ? My 
firewall blocks the public IP because it thinks the remote IP is port 
scanning on port 5060.

I think the phone is just registering but for some reason it does this 
repeatedly in a very short time.


Oct 28 09:01:48 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip 
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48073 DF PROTO=UDP 
SPT=2367 DPT=5060 LEN=676
Oct 28 09:01:49 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip 
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48074 DF PROTO=UDP 
SPT=2367 DPT=5060 LEN=676
Oct 28 09:01:50 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip 
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48075 DF PROTO=UDP 
SPT=2367 DPT=5060 LEN=676
Oct 28 09:01:52 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip 
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48076 DF PROTO=UDP 
SPT=2367 DPT=5060 LEN=676
Oct 28 09:01:56 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip 
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48077 DF PROTO=UDP 
SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:00 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip 
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48078 DF PROTO=UDP 
SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:04 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip 
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48079 DF PROTO=UDP 
SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:08 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip 
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48083 DF PROTO=UDP 
SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:12 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip 
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48084 DF PROTO=UDP 
SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:16 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip 
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48085 DF PROTO=UDP 
SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:20 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip 
DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48087 DF PROTO=UDP 
SPT=2367 DPT=5060 LEN=676


Any input on this ?!


Kind regards,
Jonas.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101028/88d517e4/attachment-0001.htm 


More information about the asterisk-users mailing list