> Very strange...
> I ran the Asterisk CLI for other tasks, and suddenly I got this message:
>
> == Using SIP RTP CoS mark 5
> -- Executing [000972592603325@default:1] Verbose("SIP/192.168.
> 20.120-0000002a", "2,PROXY Call from 0123456 to 000972592603325") innew
stack
> == PROXY Call from 0123456 to 000972592603325
> -- Executing [000972592603325@default:2] Set("SIP/192.168.20.
> 120-0000002a", "CHANNEL(musicclass)=default") in new stack
> -- Executing [000972592603325@default:3] GotoIf("SIP/192.168.20.
> 120-0000002a", "0?dialluca") in new stack
> -- Executing [000972592603325@default:4] GotoIf("SIP/192.168.20.
> 120-0000002a", "0?dialfax") in new stack
> -- Executing [000972592603325@default:5] GotoIf("SIP/192.168.20.
> 120-0000002a", "0?dialanika") in new stack
> -- Executing [000972592603325@default:6] Dial("SIP/192.168.20.
> 120-0000002a", "SIP/pbxluca/000972592603325,,R") in new stack
> [Jun 8 21:42:50] WARNING[18981]: app_dial.c:2345 dial_exec_full:
> Unable to create channel of type 'SIP' (cause 20 - Subscriber absent)
> == Everyone is busy/congested at this time (1:0/0/1)
> -- Executing [000972592603325@default:7] Hangup("SIP/192.168.20.
> 120-0000002a", "") in new stack
> == Spawn extension (default, 000972592603325, 7) exited non-zero
> on 'SIP/192.168.20.120-0000002a'
> [Jun 8 21:43:22] WARNING[16633]: chan_sip.c:3830 retrans_pkt:
> Retransmission timeout reached on transmission
> 8dc31ca4e660a0408450715638784d86 for seqno 1 (Critical Response) -- See
> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
> Packet timed out after 32001ms with no response
>
> At the time no phone try to call...
> On my Firewall I see a SIP packet coming from an IP in Palestine...
> Am I cracked? I think I disabled all "guest" access. How can I check if
my
> Asterisk allows guest to originate calls?
Based on SIP packets coming in from IP addresses you don't recognize,
while you may not be hacked, you would seem to have people probing your
system. One thing you can do at the firewall level is restrict inbound sip
communications to only those from your external phone providers. Depending
on their setup, they should be able to give you an IP, a range of IPs or a
name that can be used (i.e. sip.myphoneprovider.com). If you restrict your
inbound sip to that, it will be very helpful. Also, there are further
steps you can take to harden your systems. An internet search will bring
up many, but here are a couple of good ones:
http://blogs.digium.com/2009/03/28/sip-security/
http://www.ipcomms.net/blog/70-11-steps-to-secure-your-asterisk-ip-pbx
http://nerdvittles.com/?p=580
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
