[asterisk-users] Attempted SIP connection by foreign host. Help!

Ishfaq Malik ish at pack-net.co.uk
Tue Aug 24 08:13:10 CDT 2010


On Tue, 2010-08-24 at 14:53 +0200, Shaun Wingrin wrote:
> Say,
>  
> I just picked this up on my messages!
>  
> There are a whole host of these requests!
> Anyone know who these people are? Is there a way to report them?
> Any suggestions as to how to block them?
>  
> [Aug 23 10:34:16] NOTICE[1010] chan_sip.c: Registration from '"912"
> <sip:1 at 41.1.1.1>' failed for '184.106.217.112' - Wrong password
> [Aug 23 10:34:17] NOTICE[1010] chan_sip.c: Registration from '"912"
> <sip:1 at 41.1.1.1>' failed for '184.106.217.112' - Wrong password
>  
> C:\>tracert 184.106.217.112
>  
> Tracing route to 184-106-217-112.static.cloud-ips.com
> [184.106.217.112]
> over a maximum of 30 hops:
>  
>   1     2 ms     1 ms     1 ms  192.168.10.199
>   2     5 ms     3 ms     2 ms  192.168.1.197
>   3    11 ms    14 ms     8 ms  196-210-138-1.dynamic.isadsl.co.za
> [196.210.138.1]
>   4    14 ms     9 ms    11 ms  cdsl1-rba-vl2360.ip.isnet.net
> [196.38.73.133]
>   5    10 ms     9 ms     9 ms  cdsl1-rba-vl150.ip.isnet.net
> [196.38.73.17]
>   6    11 ms    10 ms    12 ms  core2b-rba-te2-0-1.ip.isnet.net
> [168.209.1.182]
>   7   183 ms   182 ms   183 ms  mi-za-rba-p6-gi3-0-2-102.ip.isnet.net
> [168.209.164.13]
>   8   179 ms   182 ms   180 ms  mi-uk-dock-p2-po3-0-2.ip.isnet.net
> [168.209.163.3]
>   9   179 ms   178 ms   178 ms  core2a-dock-gi1-0-19-102.ip.isnet.net
> [168.209.164.56]
>  10   180 ms   180 ms   180 ms  168.209.246.1
>  11   233 ms   255 ms   233 ms  ge-2-1-0.mpr1.lhr2.uk.above.net
> [195.66.224.76]
>  12   216 ms   214 ms   221 ms  ge-5-1-0.mpr1.lhr2.uk.above.net
> [64.125.27.149]
>  13   276 ms   280 ms   283 ms  so-0-1-0.mpr1.dca2.us.above.net
> [64.125.27.57]
>  14   269 ms   264 ms   260 ms  so-0-1-0.mpr1.lga5.us.above.net
> [64.125.26.98]
>  15   282 ms   291 ms   294 ms  xe-0-3-0.cr1.lga5.us.above.net
> [64.125.29.49]
>  16   323 ms   341 ms   295 ms  xe-0-2-0.cr1.ord2.us.above.net
> [64.125.27.169]
>  17   307 ms   292 ms   293 ms  xe-1-1-0.er1.ord7.above.net
> [64.125.26.250]
>  18   314 ms   308 ms   314 ms  64.124.65.218.allocated.above.net
> [64.124.65.218]
>  19   321 ms   315 ms   438 ms  core1-ed2-edge3.ord1.rackspace.net
> [173.203.0.109]
>  20   310 ms   302 ms   294 ms  core1-aggr301a-2.ord1.rackspace.net
> [173.203.0.173]
>  21   288 ms   296 ms   302 ms  184-106-217-112.static.cloud-ips.com
> [184.106.217.112]
>  
> Trace complete.
> 
> 
> Thanks Shaun

Hi Shaun

We had something similar a few weeks back; some people are using
sipvicious to try to get into a SIP account.

There is some very good advice to follow here:

http://blogs.digium.com/2009/03/28/sip-security/



-- 
Ishfaq Malik
Software Developer
PackNet Ltd

Office:   0161 660 3062
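
Added example, not part of the original post or of Asterisk: a Python sketch of detection for the log pattern quoted above. It counts failed chan_sip registrations per source address in a sliding window and reports addresses that cross a threshold, so they can be handed to a firewall block list. The threshold of 10, the 60-second window, the function and variable names, and the sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the chan_sip failure notice quoted in the thread, one entry per line.
# An optional ":port" after the source address is tolerated.
FAILED = re.compile(
    r"^\[(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def find_bruteforce(lines, max_failures=10, window=timedelta(seconds=60), year=2010):
    """Return {source_ip: time the threshold was crossed}.

    An address is flagged once it has max_failures failed registrations
    inside a sliding window. The log carries no year, so the caller supplies it.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    flagged = {}
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue              # not a registration failure
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged.setdefault(m["ip"], when)
    return flagged

# Constructed sample log (documentation addresses, not taken from the thread).
LINE_FMT = ("[Aug 23 {t}] NOTICE[1010] chan_sip.c: Registration from "
            "'\"{user}\" <sip:{user}@192.0.2.10>' failed for '{ip}' - {why}")
SAMPLE_LOG = (
    [LINE_FMT.format(t="10:34:16", user="912", ip="203.0.113.7", why="Wrong password")] * 12
    + [LINE_FMT.format(t="10:40:02", user="100", ip="198.51.100.20", why="Wrong password"),
       LINE_FMT.format(t="10:45:30", user="100", ip="198.51.100.20", why="Wrong password"),
       "[Aug 23 10:46:00] NOTICE[1010] chan_sip.c: Peer '100' is now Reachable. (20ms / 2000ms)"]
)

if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE_LOG).items():
        print(f"{when:%b %d %H:%M:%S}  {ip}  candidate for a firewall block")
```

The second source in the sample, a user who mistypes a password twice several minutes apart, stays below the threshold and is not reported.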



