[asterisk-users] Attempted SIP connection by foreign host. Help!
Ishfaq Malik
ish at pack-net.co.uk
Tue Aug 24 08:13:10 CDT 2010
On Tue, 2010-08-24 at 14:53 +0200, Shaun Wingrin wrote:
> Say,
>
> I just picked this up on my messages!
>
> There are a whole host of these requests!
> Anyone know who these people are? Is there a way to report them?
> Any suggestions as to how to block them?
>
> [Aug 23 10:34:16] NOTICE[1010] chan_sip.c: Registration from '"912"
> <sip:1 at 41.1.1.1>' failed for '184.106.217.112' - Wrong password
> [Aug 23 10:34:17] NOTICE[1010] chan_sip.c: Registration from '"912"
> <sip:1 at 41.1.1.1>' failed for '184.106.217.112' - Wrong password
>
> C:\>tracert 184.106.217.112
>
> Tracing route to 184-106-217-112.static.cloud-ips.com
> [184.106.217.112]
> over a maximum of 30 hops:
>
> 1 2 ms 1 ms 1 ms 192.168.10.199
> 2 5 ms 3 ms 2 ms 192.168.1.197
> 3 11 ms 14 ms 8 ms 196-210-138-1.dynamic.isadsl.co.za
> [196.210.138.1]
> 4 14 ms 9 ms 11 ms cdsl1-rba-vl2360.ip.isnet.net
> [196.38.73.133]
> 5 10 ms 9 ms 9 ms cdsl1-rba-vl150.ip.isnet.net
> [196.38.73.17]
> 6 11 ms 10 ms 12 ms core2b-rba-te2-0-1.ip.isnet.net
> [168.209.1.182]
> 7 183 ms 182 ms 183 ms mi-za-rba-p6-gi3-0-2-102.ip.isnet.net
> [168.209.164.13]
> 8 179 ms 182 ms 180 ms mi-uk-dock-p2-po3-0-2.ip.isnet.net
> [168.209.163.3]
> 9 179 ms 178 ms 178 ms core2a-dock-gi1-0-19-102.ip.isnet.net
> [168.209.164.56]
> 10 180 ms 180 ms 180 ms 168.209.246.1
> 11 233 ms 255 ms 233 ms ge-2-1-0.mpr1.lhr2.uk.above.net
> [195.66.224.76]
> 12 216 ms 214 ms 221 ms ge-5-1-0.mpr1.lhr2.uk.above.net
> [64.125.27.149]
> 13 276 ms 280 ms 283 ms so-0-1-0.mpr1.dca2.us.above.net
> [64.125.27.57]
> 14 269 ms 264 ms 260 ms so-0-1-0.mpr1.lga5.us.above.net
> [64.125.26.98]
> 15 282 ms 291 ms 294 ms xe-0-3-0.cr1.lga5.us.above.net
> [64.125.29.49]
> 16 323 ms 341 ms 295 ms xe-0-2-0.cr1.ord2.us.above.net
> [64.125.27.169]
> 17 307 ms 292 ms 293 ms xe-1-1-0.er1.ord7.above.net
> [64.125.26.250]
> 18 314 ms 308 ms 314 ms 64.124.65.218.allocated.above.net
> [64.124.65.218]
> 19 321 ms 315 ms 438 ms core1-ed2-edge3.ord1.rackspace.net
> [173.203.0.109]
> 20 310 ms 302 ms 294 ms core1-aggr301a-2.ord1.rackspace.net
> [173.203.0.173]
> 21 288 ms 296 ms 302 ms 184-106-217-112.static.cloud-ips.com
> [184.106.217.112]
>
> Trace complete.
>
>
> Thanks Shaun
Hi Shaun,
We had something similar a few weeks back; some people are using
SIPVicious to try to get into a SIP account.
There is some very good advice to follow here:
http://blogs.digium.com/2009/03/28/sip-security/
--
Ishfaq Malik
Software Developer
PackNet Ltd
Office: 0161 660 3062
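
One way to turn the failed-registration notices quoted in this thread into a per-source alert, as an added example that is not part of the original messages. The log lines are constructed in the same chan_sip format using documentation addresses, and the function name, threshold, window and year defaults are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the chan_sip failed-registration notice format quoted in this thread.
# Some Asterisk versions log the peer as 'ip:port', so the port is optional.
FAILED_REG = re.compile(
    r"^\[(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\].*?chan_sip\.c:.*?"
    r"Registration from '(?P<frm>.*?)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def find_bruteforce_sources(lines, threshold=10, window_seconds=60, year=2010):
    """Return {ip: peak failures seen inside any window} for sources at or over threshold."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the sliding window
    peak = defaultdict(int)       # ip -> highest count observed in one window
    for line in lines:
        m = FAILED_REG.match(line.strip())
        if not m:
            continue              # not a failed REGISTER notice
        # The log timestamp carries no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop failures older than the window
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

# Constructed sample: a 12-attempt burst from one source, a user who mistyped
# a password twice more than an hour apart, and one unrelated log line.
SAMPLE_LOG = [
    f"[Aug 23 10:34:{16 + i // 8:02d}] NOTICE[1010] chan_sip.c: Registration from "
    f"'\"912\" <sip:912@192.0.2.10>' failed for '203.0.113.50' - Wrong password"
    for i in range(12)
] + [
    "[Aug 23 10:40:02] NOTICE[1010] chan_sip.c: Registration from "
    "'<sip:201@192.0.2.10>' failed for '198.51.100.7:5060' - Wrong password",
    "[Aug 23 11:55:40] NOTICE[1010] chan_sip.c: Registration from "
    "'<sip:201@192.0.2.10>' failed for '198.51.100.7:5060' - Wrong password",
    "[Aug 23 11:56:00] VERBOSE[1010] logger.c: Asterisk Event Logger restarted",
]

if __name__ == "__main__":
    for ip, count in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed registrations within 60s")
```

The returned addresses are candidates for a firewall drop rule or a report to the hosting provider's abuse contact; the two spaced-out failures from the second address stay below the default threshold.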