Thanks for the replies.<br><br>I don't want to rule out the possibility
of network sniffing. I am sure it's not an inside job. The server is
off-site and is hosted by a very well reputed hosting company. So if
someone is sniffing, what should I do?<div class="im"><br>
<br>>Probably, you are receiving INVITE attacks from some tool like
sipvicious. You should rearrange your network to cover some important
security issues.<br><br></div>I have tested sipvicious against my asterisk server already, it's been secured that way.<div class="im"><br><br><div>>Probably your network is exposed to the Internet. To address those
situations, you can use a distinct VLAN to address SIP phones and you
also can use port security at the switching ports where you connect
your ATAs and phones. You should also deliver with tagging (802.1Q)
that VLAN to those ATAs and phones. This should protect you from inside
sniffers.</div>
>This VLAN should just communicate with the DMZ where you should
have your asterisk server and between those two networks you
should only open the needed ports - for a common SIP infrastructure you
should open UDP 5060 and the specified UDP range shown in rtp.conf file
for the media to pass. Phones VLAN should not communicate directly
with the world, just in the outbound direction if you like.<br><br></div>I will talk to my network admin about this.<br><br>I don't have any wireless network interface to our server. And I am going to apply that IP table thing to the server.<br>
<br>Any more suggestions please?<br><br><div class="gmail_quote">On Mon, Feb 28, 2011 at 4:31 PM, Ricardo Carvalho <span dir="ltr"><<a href="mailto:rjcarvalho.lists@gmail.com">rjcarvalho.lists@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>Probably, you are receiving INVITE attacks from some tool like sipvicious. You should rearrange your network to cover some important security issues.</div>
<div><br></div><div>The IP address of your server can be revealed in some unencrypted SIP signaling of some call through the Internet to/from your server's client, or simply by your client SRV record in the DNS, if you added it to his DNS.</div>
<div><br></div><div>Probably your network is exposed to the Internet. To address those situations, you can use a distinct VLAN to address SIP phones and you also can use port security at the switching ports where you connect your ATAs and phones. You should also deliver with tagging (802.1Q) that VLAN to those ATAs and phones. This should protect you from inside sniffers.</div>
<div>This VLAN should just communicate with the DMZ where you should have your asterisk server and between those two networks you should only open the needed ports - for a common SIP infrastructure you should open UDP 5060 and the specified UDP range shown in rtp.conf file for the media to pass. Phones VLAN should not communicate directly with the world, just in the outbound direction if you like. </div>
<div><br></div><div>Regards,</div><div>Ricardo Carvalho.</div><br><div><br></div><div><br></div><div><br></div><div><br><br><div class="gmail_quote"><div><div></div><div class="h5">On Mon, Feb 28, 2011 at 10:33 AM, Rizwan Hisham <span dir="ltr"><<a href="mailto:rizwanhasham@gmail.com" target="_blank">rizwanhasham@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><div></div><div class="h5">Hi all,<br>The problem I have been experiencing since last month is that some of my customers are getting calls with "Asterisk &lt;Unknown&gt;" caller id. Most of them in the middle of the night. And my asterisk server has no record of these calls. The customers were getting irritated as you can imagine. I guessed the only way to receive incoming calls by by-passing the registration server is thru sip-uri calls directly to customers. I have updated the customers' ATAs to not accept any calls from sources other than the registration server. That's all fine now. But the question is how can anyone know the direct sip uri addresses of our customers.<br>
<br>My guess is that someone has been sniffing my server's sip traffic. In that case what should I do to get rid of the sniffers?<br><br>If you think there is another reason for that then please tell me even if you don't have the solution.<br>
<br>Thanks<br><font color="#888888"><br>-- <br><font color="#888888"><div>Best Regards</div><div>Rizwan Qureshi</div><div>VoIP/Asterisk Engineer</div><div>Axvoice Inc.</div>
<div>V: +92 (0) 3333 6767 26</div><div>E: <a href="mailto:rizwanhasham@gmail.com" target="_blank">rizwanhasham@gmail.com</a></div><div>W: <a href="http://www.axvoice.com/" target="_blank">www.axvoice.com</a></div></font><br>
</font><br></div></div></blockquote></div><br></div>
</blockquote></div><br><br clear="all"><br>-- <br><font color="#888888"><div>Best Regards</div><div>Rizwan Qureshi</div><div>VoIP/Asterisk Engineer</div><div>Axvoice Inc.</div>
<div>V: +92 (0) 3333 6767 26</div><div>E: <a href="mailto:rizwanhasham@gmail.com" target="_blank">rizwanhasham@gmail.com</a></div><div>W: <a href="http://www.axvoice.com/" target="_blank">www.axvoice.com</a></div></font><br>
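The firewall advice in the quoted reply (only UDP 5060 and the rtp.conf range open between the phone VLAN and the Asterisk DMZ), as an added example that is not part of the original thread: the script reads rtpstart/rtpend from rtp.conf and prints iptables FORWARD rules for review instead of applying them. The subnet 10.20.0.0/24, the server address 192.0.2.10, the function names and the server-to-phone rule are assumptions.

```shell
#!/bin/sh
# Added example. Addresses are constructed placeholders, not from the thread.

# Print the value of key $2 from the [general] section of rtp.conf file $1.
rtp_conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }                                  # comment line
        /^\[/ { in_general = ($0 ~ /^\[general\]/); next }   # section header
        in_general {
            k = $1; v = $2
            gsub(/[ \t]/, "", k)
            sub(/;.*/, "", v); gsub(/[ \t\r]/, "", v)        # strip trailing comment
            if (k == key) print v
        }' "$1" | tail -n 1
}

# Print (not apply) FORWARD rules: $1 rtp.conf, $2 phone VLAN subnet, $3 Asterisk IP.
gen_rules() {
    start=$(rtp_conf_value "$1" rtpstart)
    end=$(rtp_conf_value "$1" rtpend)
    for port in "$start" "$end"; do
        case "$port" in
            ''|*[!0-9]*) echo "rtpstart/rtpend missing or not numeric" >&2; return 1 ;;
        esac
    done
    [ "$start" -le "$end" ] || { echo "rtpstart is above rtpend" >&2; return 1; }
    # Phones reach only SIP and the RTP range on the server; the server may send
    # UDP back to the phones (assumption: phone-side ports are not in rtp.conf);
    # everything else to or from the phone VLAN is dropped.
    cat <<EOF
iptables -A FORWARD -s $2 -d $3 -p udp --dport 5060 -j ACCEPT
iptables -A FORWARD -s $2 -d $3 -p udp --dport $start:$end -j ACCEPT
iptables -A FORWARD -s $3 -d $2 -p udp -j ACCEPT
iptables -A FORWARD -s $2 -j DROP
iptables -A FORWARD -d $2 -j DROP
EOF
}

# Constructed sample rtp.conf so the script runs offline.
sample=$(mktemp)
printf '[general]\nrtpstart=10000\nrtpend=20000\n' > "$sample"
gen_rules "$sample" 10.20.0.0/24 192.0.2.10
rm -f "$sample"
```
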