<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Felix,<br>
<br>
you have several things to check:<br>
<br>
netstat -a -n --udp --tcp<br>
<br>
will show you connections and connection attempts on network layer
level.<br>
You have to look for incoming connections to port 5060 and if the
call has been established for connections on your rtp ports. (see
rtp.conf).<br>
If you can see connections not supposed to be there: thats your
intruder ;-)<br>
<br>
I suggest you disable guest calls and you configure a default
context in which dialed extensions can't be routed to charged
destinations.<br>
<br>
sip.conf:<br>
allowguests=no<br>
defaultcontext=default<br>
<br>
extensions.conf:<br>
[default]<br>
exten => _X.,1,Answer()<br>
exten => _X.,n,PlayBack(silence/1)<br>
exten => _X.,n,PlayBack(ss-noservice)<br>
exten => _X.,n,PlayBack(silence/1)<br>
exten => _X.,n,MusicOnHold(default,10)<br>
exten => _X.,n,PlayBack(silence/1)<br>
exten => _X.,n,PlayBack(vm-goodbye)<br>
exten => _X.,n,HangUp()<br>
<br>
The next step would be using fail2ban or something similiar to
check the asterisk log for intruders.<br>
fail2ban recognized them and dynamically sets appropriate firewall
rules.<br>
<br>
Good luck.<br>
<br>
best regards,<br>
Ruben<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">Am 16.11.2012 17:20, schrieb Felix
Vazquez:<br>
</div>
<blockquote
cite="mid:4567A733EAEAC0469D1D4DFDFF61F16163C5CF@srv-va-mail01.uavcomm.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<style>
<!--
@font-face
{font-family:Calibri}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
span.EmailStyle17
{font-family:"Calibri","sans-serif";
color:windowtext}
.MsoChpDefault
{font-family:"Calibri","sans-serif"}
@page WordSection1
{margin:1.0in 1.0in 1.0in 1.0in}
div.WordSection1
{}
-->
</style>
<div class="WordSection1">
<p class="MsoNormal">I am in the asterisk CLI and can see an
unidentified caller trying the make calls out of the asterisk
system. How do I stop them? How do I identify them and how can
I see how the go in?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">This is an example of what I would see:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> NOTICE[4098]:
chan_sip.c:20063 handle_request_invite: Call
<b><span style="font-size:14.0pt">from '' </span></b>to
extension '90111235551212' rejected because extension not
found.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Felix</p>
</div>
<br>
<hr>
<font color="Gray" size="1" face="Arial"><br>
This electronic message contains information from BOSH Global
Services which may be company sensitive, proprietary, privileged
or otherwise protected from disclosure. The information is
intended to be used solely by the recipient(s) named above. If
you are not an intended recipient, be aware that any review,
disclosure, copying, distribution or use of this transmission or
its contents is prohibited. If you have received this
transmission in error, please notify the sender immediately.<br>
</font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by <a class="moz-txt-link-freetext" href="http://www.api-digital.com">http://www.api-digital.com</a> --
New to Asterisk? Join us for a live introductory webinar every Thurs:
<a class="moz-txt-link-freetext" href="http://www.asterisk.org/hello">http://www.asterisk.org/hello</a>
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
<a class="moz-txt-link-freetext" href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</a></pre>
</blockquote>
<br>
</body>
</html>