[asterisk-users] Attempted break in ?
William Stillwell (Lists)
william.stillwell-lists at ablebody.net
Mon Jan 11 07:53:10 CST 2010
I have the issue where they hit me, get no where, and then my box tells them
invalid context, and it timeouts connecting back to them..
And I get these :(
[Jan 10 19:49:06] WARNING[4103] chan_sip.c: Maximum retries exceeded on
transmission 209673377-00012714169-309054985 at 117.34.72.42 for seqno 102
(Critical Response) -- See doc/sip-retransmit.txt.
[Jan 10 19:47:54] WARNING[4103] chan_sip.c: Maximum retries exceeded on
transmission 884102335-00336475737-1530114800 at 211.100.41.168 for seqno 102
(Critical Response) -- See doc/sip-retransmit.txt.
[Jan 10 19:50:44] WARNING[4103] chan_sip.c: Maximum retries exceeded on
transmission 1764785158-00040211250-353023050 at 117.34.72.42 for seqno 102
(Critical Response) -- See doc/sip-retransmit.txt.
My default context = congestion, and guest=no but still get people trying to
connect.
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of --[ UxBoD ]--
Sent: Monday, January 11, 2010 8:26 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Attempted break in ?
----- "Robert Lister" <robl at lentil.org> wrote:
| On Mon, 2010-01-11 at 10:45 +0000, --[ UxBoD ]-- wrote:
| > Hi,
| >
| > I am starting to see a lot of these:
| >
| > [Jan 10 01:18:56] NOTICE[5627] chan_sip.c: Call from '' to extension
| '33155786056' rejected because extension not found.
| > [Jan 10 01:52:47] NOTICE[5627] chan_sip.c: Call from '' to extension
| '033155786056' rejected because extension not found.
| > [Jan 10 02:26:36] NOTICE[5627] chan_sip.c: Call from '' to extension
| '0#33155786056' rejected because extension not found.
|
| Yes, looks like it. Make sure that your sip.conf "context=" default
| context points to a context that cannot make external calls.
|
| (Or, if your asterisk box does not need to accept connections from
| anyone externally then restrict what can connect to it with firewall
| rules or an access-list.)
|
| Although I had locked down the SIP config already, I was almost
| caught
| out recently by one of these attackers, where somebody was trying to
| make calls over *H323* as that ALSO has a 'default' context similar
| to
| sip.conf (although the calls did not succeed because before an
| outbound
| call is placed, we check the caller ID is within an expected range,
| in
| order to set the correct outbound CLI, but were that check not in
| place,
| then it probably would have succeeded.)
|
| H323 seemed to be enabled by default, so I just disabled the H.323
| module as we do not use it.
|
|
| Rob
|
|
|
|
| --
| _____________________________________________________________________
| -- Bandwidth and Colocation Provided by http://www.api-digital.com --
|
| asterisk-users mailing list
| To UNSUBSCRIBE or update options visit:
| http://lists.digium.com/mailman/listinfo/asterisk-users
Naughty people ;) yeah inbound SIP context is locked down.
--
Thanks - Phil
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list