[asterisk-users] SIP invite timeouts : how is someone sending invites from our server ??
sean darcy
seandarcy2 at gmail.com
Sat Dec 30 17:49:17 CST 2017
I've been getting a lot of timeouts on non-critical invite transactions.
I turned on sip debug. They were the result of SIP invites like this:
Retransmitting #10 (NAT) to 185.107.94.10:13057:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 215.45.145.211:5060;branch=z9hG4bK-524287-1---zg4cfkl50hpwpv4p;received=185.107.94.10;rport=13057
From: <sip:a'or'3=3--@<myip-address>;transport=UDP>;tag=fptfih1e
To: <sip:00141225184741@<myip-address>;transport=UDP>;tag=as2913c67b
Call-ID: 5YpLDUSIs6l3xbDXsurYTu..
CSeq: 1 INVITE
Server: Asterisk PBX 13.19.0-rc1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk_home", nonce="14be1363"
Content-Length: 0
---
WARNING[1868]: chan_sip.c:4065 retrans_pkt: Retransmission timeout
reached on transmission 5YpLDUSIs6l3xbDXsurYTu.. for seqno 1
(Non-critical Response) -- See
https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
WARNING[1868]: chan_sip.c:4124 retrans_pkt: Timeout on
5YpLDUSIs6l3xbDXsurYTu.. on non-critical invite transaction.
Looking up the IP addresses:
whois 185.107.94.10
.............
inetnum: 185.107.94.0 - 185.107.94.255
netname: NFORCE_ENTERTAINMENT
descr: Serverhosting
..................
organisation: ORG-NE3-RIPE
org-name: NForce Entertainment B.V.
org-type: LIR
address: Postbus 1142
address: 4700BC
address: Roosendaal
address: NETHERLANDS
phone: +31206919299
...................
whois 215.45.145.211
.................
NetRange: 215.0.0.0 - 215.255.255.255
CIDR: 215.0.0.0/8
NetName: DNIC-NET-215
NetHandle: NET-215-0-0-0-1
Parent: ()
NetType: Direct Assignment
OriginAS:
Organization: DoD Network Information Center (DNIC)
RegDate: 1998-06-04
Updated: 2011-06-21
Ref: https://whois.arin.net/rest/net/NET-215-0-0-0-1
OrgName: DoD Network Information Center
OrgId: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
So how is someone on a Dutch ISP using my server to mess with a US DoD
IP address?
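
Added example, not part of the original post: a small Python triage helper that reads the response headers shown in the debug output and separates the address the sender wrote into the Via header from the `received=`/`rport=` values, which the receiving server stamps from the packet's actual source (RFC 3261, RFC 3581). The function names are hypothetical, and the parser assumes an IPv4 or hostname sent-by value.

```python
import re

# Response headers copied from the debug output in the post
# (<myip-address> is the poster's own placeholder).
SAMPLE = """\
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 215.45.145.211:5060;branch=z9hG4bK-524287-1---zg4cfkl50hpwpv4p;received=185.107.94.10;rport=13057
From: <sip:a'or'3=3--@<myip-address>;transport=UDP>;tag=fptfih1e
To: <sip:00141225184741@<myip-address>;transport=UDP>;tag=as2913c67b
Call-ID: 5YpLDUSIs6l3xbDXsurYTu..
CSeq: 1 INVITE
"""

def headers(msg):
    """Map header name (lower-case) -> value; the first occurrence wins."""
    out = {}
    for line in msg.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            out.setdefault(name.strip().lower(), value.strip())
    return out

def parse_via(value):
    """Split a Via value into the sender-claimed sent-by and its parameters."""
    proto_sentby, *params = value.split(";")
    sent_by = proto_sentby.split()[-1]          # "host[:port]" after "SIP/2.0/UDP"
    host, _, port = sent_by.partition(":")
    p = dict(kv.partition("=")[::2] for kv in params)
    return {"claimed_host": host, "claimed_port": port or "5060",
            "received": p.get("received"), "rport": p.get("rport")}

def analyse(msg):
    h = headers(msg)
    via = parse_via(h["via"])
    m = re.search(r"sips?:([^@>]+)@", h.get("from", ""))
    user = m.group(1) if m else ""
    return {
        # received=/rport= reflect where the request packet really came from
        "observed_source": "%s:%s" % (via["received"] or via["claimed_host"], via["rport"] or via["claimed_port"]),
        "via_claimed": "%s:%s" % (via["claimed_host"], via["claimed_port"]),
        "via_mismatch": bool(via["received"]) and via["received"] != via["claimed_host"],
        "from_user_has_sql_metachars": bool(re.search(r"['\";]|--", user)),
    }

if __name__ == "__main__":
    for k, v in analyse(SAMPLE).items():
        print(k, "=", v)
```

On the headers above it reports 185.107.94.10:13057 as the observed source and 215.45.145.211:5060 as the value the sender placed in Via, and it flags the quote characters in the From user part.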