[asterisk-users] getting invites to rtp ports ??
Telium Support Group
support at telium.ca
Wed Aug 29 10:59:21 CDT 2018
Block a single IP is the wrong approach (whack-a-mole). You should consider a more comprehensive approach to securing your VoIP environment. Have a look at this wiki:
From: asterisk-users [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of sean darcy
Sent: Wednesday, August 29, 2018 10:46 AM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] getting invites to rtp ports ??
On 08/29/2018 09:42 AM, Carlos Rojas wrote:
> Probably somebody is trying to hack your system, you should block that
> ip on your firewall.
> On Wed, Aug 29, 2018 at 9:34 AM, sean darcy <seandarcy2 at gmail.com
> <mailto:seandarcy2 at gmail.com>> wrote:
> I'm getting invites to very high ports every 30 seconds from a
> particular ip address:
> Retransmitting #10 (NAT) to 188.8.131.52:52734
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/UDP
> From: <sip:37120116780191250 at 184.108.40.206
> <mailto:sip%3A37120116780191250 at 220.127.116.11>>;tag=1872048972
> To: <sip:3712011972592181418 at 18.104.22.168
> <mailto:sip%3A3712011972592181418 at 22.214.171.124>>;tag=as3a52e748
> Call-ID: 1504207870-295758084-609228182
> CSeq: 1 INVITE
> WARNING: chan_sip.c:4127 retrans_pkt: Timeout on
> I thought invites had to go to port 5060 or so. I don't understand
> why somebody (let's assume a bad guy) is trying ports above 50000.
Ok, so the high port is not the destination port but the source port.
So I hacked the log warning in chan_sip.c on non-critical invites to show the source ip:
ast_log(LOG_WARNING, "Timeout on %s non-critic invite trans from %s.\n",
With that in the log, I'm now blocking the ip addresses.
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Astricon is coming up October 9-11! Signup is available at: https://www.asterisk.org/community/astricon-user-conference
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
More information about the asterisk-users