[asterisk-users] sip:ping at noname.com

Thufir Hawat hawat.thufir at gmail.com
Wed Jan 11 09:09:44 CST 2017


The SIP trace shows messages from what I took to be a suspicious 
connection from sip:ping at noname.com, so I added that IP address to 
iptables... but then anveo showed as unreachable, so I removed that rule.

Yes, I'm running fail2ban.

What are these messages from sip:ping at noname.com?  The domain name alone 
set off alarm bells for me.  (I was looking for my own registration 
attempts when I turned on SIP debugging.)



SIP trace:

fqdn*CLI>
fqdn*CLI> sip set debug on
SIP Debugging enabled
fqdn*CLI>

<--- SIP read from UDP:67.212.84.21:5010 --->
OPTIONS sip:s at xxx.xxx.xxx.xxx:5060 SIP/2.0
Via: SIP/2.0/UDP 67.212.84.21:5010;branch=0
From: sip:ping at noname.com;tag=uloc-5875e606-bf5-dea1e-52564b36-00fe47a3
To: sip:s at xxx.xxx.xxx.xxx:5060
Call-ID: cb004ab7-97b14601-e7ade23 at 67.212.84.21
CSeq: 1 OPTIONS
Content-Length: 0

<------------->
--- (7 headers 0 lines) ---
Sending to 67.212.84.21:5010 (NAT)
Looking for s in default (domain xxx.xxx.xxx.xxx)

<--- Transmitting (NAT) to 67.212.84.21:5010 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 67.212.84.21:5010;branch=0;received=67.212.84.21;rport=5010
From: sip:ping at noname.com;tag=uloc-5875e606-bf5-dea1e-52564b36-00fe47a3
To: sip:s at xxx.xxx.xxx.xxx:5060;tag=as5f595fce
Call-ID: cb004ab7-97b14601-e7ade23 at 67.212.84.21
CSeq: 1 OPTIONS
Server: Asterisk PBX 13.1.0~dfsg-1.1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: <sip:xxx.xxx.xxx.xxx:5060>
Accept: application/sdp
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog 'cb004ab7-97b14601-e7ade23 at 67.212.84.21' in 32000 ms (Method: OPTIONS)
Really destroying SIP dialog 'cb004ab7-90004601-06ade23 at 67.212.84.21' Method: OPTIONS
Reliably Transmitting (NAT) to 67.212.84.21:5010:
OPTIONS sip:sip.anveo.com SIP/2.0
Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;branch=z9hG4bK601302be;rport
Max-Forwards: 70
From: "asterisk" <sip:asterisk at xxx.xxx.xxx.xxx>;tag=as194a0afc
To: <sip:sip.anveo.com>
Contact: <sip:asterisk at xxx.xxx.xxx.xxx:5060>
Call-ID: 6e15b7534a1b1e852464e02a5fca4e42 at xxx.xxx.xxx.xxx:5060
CSeq: 102 OPTIONS
User-Agent: Asterisk PBX 13.1.0~dfsg-1.1ubuntu4
Date: Wed, 11 Jan 2017 14:56:43 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---

<--- SIP read from UDP:67.212.84.21:5010 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;branch=z9hG4bK601302be;rport=5060;received=xxx.xxx.xxx.xxx
From: "asterisk" <sip:asterisk at xxx.xxx.xxx.xxx>;tag=as194a0afc
To: <sip:sip.anveo.com>;tag=a1766e4537c6d6082807422b1789bf43.b9ae
Call-ID: 6e15b7534a1b1e852464e02a5fca4e42 at xxx.xxx.xxx.xxx:5060
CSeq: 102 OPTIONS
Server: Anv Edge Proxy 3.5
Content-Length: 0

<------------->
--- (8 headers 0 lines) ---
Really destroying SIP dialog '6e15b7534a1b1e852464e02a5fca4e42 at xxx.xxx.xxx.xxx:5060' Method: OPTIONS
fqdn*CLI> sip set debug off
SIP Debugging Disabled
fqdn*CLI>
fqdn*CLI> sip show peers
Name/username             Host                                    Dyn Forcerport Comedia    ACL Port     Status      Description
anveo/1234567890          67.212.84.21                                Yes Yes            5010     OK (78 ms)
demo_alice                (Unspecified)                            D  Yes Yes            0        UNKNOWN
demo_bob                  (Unspecified)                            D  Yes Yes            0        UNKNOWN
piter                     (Unspecified)                            D  Yes Yes            0        UNKNOWN
thufir                    (Unspecified)                            D  Yes Yes            0        UNKNOWN
5 sip peers [Monitored: 1 online, 4 offline Unmonitored: 0 online, 0 offline]
fqdn*CLI>
fqdn*CLI> sip show peer anveo


   * Name       : anveo
   Description  :
   Secret       : <Set>
   MD5Secret    : <Not set>
   Remote Secret: <Not set>
   Context      : from-anveo
   Record On feature : automon
   Record Off feature : automon
   Subscr.Cont. : <Not set>
   Language     :
   Tonezone     : <Not set>
   AMA flags    : Unknown
   Transfer mode: open
   CallingPres  : Presentation Allowed, Not Screened
   Callgroup    :
   Pickupgroup  :
   Named Callgr :
   Nam. Pickupgr:
   MOH Suggest  :
   Mailbox      :
   VM Extension : asterisk
   LastMsgsSent : 0/0
   Call limit   : 0
   Max forwards : 0
   Dynamic      : No
   Callerid     : "" <>
   MaxCallBR    : 384 kbps
   Expire       : -1
   Insecure     : port,invite
   Force rport  : Yes
   Symmetric RTP: Yes
   ACL          : No
   DirectMedACL : No
   T.38 support : No
   T.38 EC mode : Unknown
   T.38 MaxDtgrm: 4294967295
   DirectMedia  : Yes
   PromiscRedir : No
   User=Phone   : No
   Video Support: No
   Text Support : No
   Ign SDP ver  : No
   Trust RPID   : No
   Send RPID    : No
   Path support : No
   Path         : N/A
   TrustIDOutbnd: Legacy
   Subscriptions: Yes
   Overlap dial : Yes
   DTMFmode     : rfc2833
   Timer T1     : 500
   Timer B      : 32000
   ToHost       : sip.anveo.com
   Addr->IP     : 67.212.84.21:5010
   Defaddr->IP  : (null)
   Prim.Transp. : UDP
   Allowed.Trsp : UDP
   Def. Username: 1234567890
   SIP Options  : (none)
   Codecs       : (ulaw)
   Auto-Framing : No
   Status       : OK (78 ms)
   Useragent    :
   Reg. Contact :
   Qualify Freq : 60000 ms
   Keepalive    : 0 ms
   Sess-Timers  : Accept
   Sess-Refresh : uas
   Sess-Expires : 1800 secs
   Min-Sess     : 90 secs
   RTP Engine   : asterisk
   Parkinglot   :
   Use Reason   : No
   Encryption   : No

fqdn*CLI>
fqdn*CLI> sip show registry
Host                                    dnsmgr Username       Refresh State                Reg.Time
sip.anveo.com:5010                   N      1234567890         165 Registered           Wed, 11 Jan 2017 14:55:28
1 SIP registrations.
fqdn*CLI>
fqdn*CLI>





thanks,

Thufir
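
A triage check for the situation in this post, as an added example that is not part of the original message: before blocking the source of an unfamiliar inbound SIP request, compare its IP with the hosts listed by `sip show peers`. The sample input is constructed from the trace above plus one made-up request from a documentation address (203.0.113.9), the peer rows are assumed to be unwrapped, and the function names are hypothetical.

```python
import re

# Constructed sample: the first request is taken from the trace in the post
# (with the archive's " at " obfuscation kept); the second is made up and
# uses a documentation address.
TRACE = """\
<--- SIP read from UDP:67.212.84.21:5010 --->
OPTIONS sip:s at xxx.xxx.xxx.xxx:5060 SIP/2.0
From: sip:ping at noname.com;tag=uloc-5875e606-bf5-dea1e-52564b36-00fe47a3
<------------->
<--- SIP read from UDP:203.0.113.9:5071 --->
INVITE sip:900 at xxx.xxx.xxx.xxx SIP/2.0
From: sip:100 at 203.0.113.9;tag=abc
<------------->
<--- SIP read from UDP:67.212.84.21:5010 --->
SIP/2.0 200 OK
From: "asterisk" <sip:asterisk at xxx.xxx.xxx.xxx>;tag=as194a0afc
<------------->
"""
PEERS = """\
anveo/1234567890   67.212.84.21      Yes Yes   5010   OK (78 ms)
demo_alice         (Unspecified)  D  Yes Yes   0      UNKNOWN
"""
READ_RE = re.compile(r"^<--- SIP read from \w+:(\d+(?:\.\d+){3}):(\d+) --->$")

def parse_peers(table):
    """Map peer IP -> peer name from unwrapped 'sip show peers' rows."""
    peers = {}
    for row in table.splitlines():
        cols = row.split()
        if len(cols) >= 2 and re.fullmatch(r"\d+(?:\.\d+){3}", cols[1]):
            peers[cols[1]] = cols[0].split("/")[0]
    return peers

def triage(trace, peer_table):
    """Return (ip, method, from_header, peer_or_None) per inbound request."""
    peers, lines, out = parse_peers(peer_table), trace.splitlines(), []
    for i, line in enumerate(lines):
        m = READ_RE.match(line)
        if not m or i + 1 >= len(lines) or lines[i + 1].startswith("SIP/2.0"):
            continue  # not a read marker, or a response to our own request
        from_hdr = ""
        for hdr in lines[i + 2:]:
            if hdr.startswith("<---"):
                break  # end of this message
            if hdr.lower().startswith("from:"):
                from_hdr = hdr.split(":", 1)[1].strip()
                break
        out.append((m.group(1), lines[i + 1].split()[0], from_hdr, peers.get(m.group(1))))
    return out

for row in triage(TRACE, PEERS):
    print(row)
```

In this sample the `sip:ping` OPTIONS request maps to the `anveo` peer's address, which is consistent with the post's observation that blocking that IP made anveo unreachable; the made-up INVITE maps to no peer.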


