<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Felix,<br>
<br>
ngrep -W byline port 5060|grep -B1 "INVITE sip"<br>
<br>
Markus<br>
<br>
<br>
On 16.11.2012 17:50, Ruben Rögels wrote:<br>
</div>
<blockquote cite="mid:50A66EBF.1050801@jumping-frog.org" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Hi Felix,<br>
<br>
you have several things to check:<br>
<br>
netstat -a -n --udp --tcp<br>
<br>
will show you connections and connection attempts on network layer
level.<br>
You have to look for incoming connections to port 5060 and if the
call has been established for connections on your rtp ports. (see
rtp.conf).<br>
If you can see connections not supposed to be there: that's your
intruder ;-)<br>
<br>
I suggest you disable guest calls and you configure a default
context in which dialed extensions can't be routed to charged
destinations.<br>
<br>
sip.conf:<br>
allowguest=no<br>
context=default<br>
<br>
extensions.conf:<br>
[default]<br>
exten => _X.,1,Answer()<br>
exten => _X.,n,PlayBack(silence/1)<br>
exten => _X.,n,PlayBack(ss-noservice)<br>
exten => _X.,n,PlayBack(silence/1)<br>
exten => _X.,n,MusicOnHold(default,10)<br>
exten => _X.,n,PlayBack(silence/1)<br>
exten => _X.,n,PlayBack(vm-goodbye)<br>
exten => _X.,n,HangUp()<br>
<br>
The next step would be using fail2ban or something similar to
check the asterisk log for intruders.<br>
fail2ban recognizes them and dynamically sets appropriate firewall
rules.<br>
<br>
Good luck.<br>
<br>
best regards,<br>
Ruben<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 16.11.2012 17:20, Felix
Vazquez wrote:<br>
</div>
<blockquote
cite="mid:4567A733EAEAC0469D1D4DFDFF61F16163C5CF@srv-va-mail01.uavcomm.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<style>
<!--
@font-face
        {font-family:Calibri}
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline}
span.EmailStyle17
        {font-family:"Calibri","sans-serif";
        color:windowtext}
.MsoChpDefault
        {font-family:"Calibri","sans-serif"}
@page WordSection1
        {margin:1.0in 1.0in 1.0in 1.0in}
div.WordSection1
        {}
-->
</style>
<div class="WordSection1">
<p class="MsoNormal">I am in the asterisk CLI and can see an
unidentified caller trying to make calls out of the
asterisk system. How do I stop them? How do I identify them
and how can I see how they get in?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">This is an example of what I would see:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> NOTICE[4098]:
chan_sip.c:20063 handle_request_invite: Call <b><span
style="font-size:14.0pt">from '' </span></b>to
extension '90111235551212' rejected because extension not
found.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Felix</p>
</div>
<br>
<hr> <font color="Gray" size="1" face="Arial"><br>
This electronic message contains information from BOSH Global
Services which may be company sensitive, proprietary,
privileged or otherwise protected from disclosure. The
information is intended to be used solely by the recipient(s)
named above. If you are not an intended recipient, be aware
that any review, disclosure, copying, distribution or use of
this transmission or its contents is prohibited. If you have
received this transmission in error, please notify the sender
immediately.<br>
</font> <br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.api-digital.com">http://www.api-digital.com</a> --
New to Asterisk? Join us for a live introductory webinar every Thurs:
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.asterisk.org/hello">http://www.asterisk.org/hello</a>
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
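<p>Added example, not part of the original thread: the log line quoted above shows an empty caller and no source address, so this sketch pairs each INVITE with the ngrep header line that <code>grep -B1</code> keeps and lists senders that are not known peers. The header layout, the sample capture, the function names and <code>KNOWN_PEERS</code> are assumptions made for illustration.</p>
<pre>
```python
import re
from collections import defaultdict

# ngrep prints one header per packet: protocol letter, source, "->", destination.
HEADER = re.compile(r"^[UT] (\d+\.\d+\.\d+\.\d+):\d+ -> \S+")
# First line of a SIP INVITE; capture the user part of the request URI.
INVITE = re.compile(r"^INVITE sip:([^@\s;]+)@")

def invites_by_source(lines):
    """Map source IP to the numbers it dialed, pairing every INVITE with
    the ngrep header line directly above it (what grep -B1 keeps)."""
    seen = defaultdict(list)
    source = None
    for line in lines:
        line = line.strip()
        header = HEADER.match(line)
        if header:
            source = header.group(1)
            continue
        invite = INVITE.match(line)
        if invite and source is not None:
            seen[source].append(invite.group(1))
        source = None  # "--" separators and other lines break the pairing
    return dict(seen)

def unexpected_sources(seen, known_peers):
    """Senders of INVITEs that are not configured peers or phones."""
    return sorted(ip for ip in seen if ip not in known_peers)

# Constructed sample of filtered ngrep output (documentation addresses).
SAMPLE = """\
U 203.0.113.7:5071 -> 192.0.2.1:5060
INVITE sip:90111235551212@192.0.2.1 SIP/2.0.
--
U 192.0.2.20:5060 -> 192.0.2.1:5060
INVITE sip:1001@192.0.2.1 SIP/2.0.
--
U 203.0.113.7:5071 -> 192.0.2.1:5060
INVITE sip:900111235551212@192.0.2.1 SIP/2.0.
""".splitlines()

KNOWN_PEERS = {"192.0.2.20"}  # hypothetical: addresses of your own phones/trunks

if __name__ == "__main__":
    seen = invites_by_source(SAMPLE)
    for ip in unexpected_sources(seen, KNOWN_PEERS):
        print(ip, len(seen[ip]), "INVITEs, dialed:", ", ".join(seen[ip]))
```
</pre>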
</body>
</html>