On 2020-04-01 15:12, Greg Troxel wrote: > D'Arcy Cain <da...@vybenetworks.com> writes: > But yet, new packets from that IP address reach asterisk. It seems > almost entirely clear to me that you have a firewall problem, not an > asterisk problem.
This could well be but Asterisk is the only thing that continues to communicate. > I would test this out with a remote machine under your control, and > packet trace. I would check for a buggy firewall rule that is somehow > accepting packets from new tcp or udp packets as matching an old > connection state object. I would check for the new attempts as coming > from something that matches the original "connection", even if UDP. Here is the first four lines from "pfctl -sr": pass in quick on bge0 from <FRIENDS> to any flags S/SA keep state block drop in log quick on bge0 from <ENEMIES> to any block drop in log quick on bge0 from <AUTOBLOCK> to any block drop out log quick on bge0 from any to <AUTOBLOCK> Unless pf is broken I can't see how anything besides my "friends" can be getting through. >> The weird thing is that the attempts don't stop. That IP continues to >> try different numbers. There are two ways that I have found so far to > > You say "continues to try", but surely you are not surprised that > packets arrive at your computer. I think you are surprised that they > make it to asterisk. But your language doesn't quite line up with > that. Am I misinterpreting? Maybe. By "try" I don't mean "try to get through". I mean "try to access my switch". They aren't actually breaking in. My passwords are strong enough to frustrate them. -- D'Arcy J.M. Cain Vybe Networks Inc. A unit of Excelsior Solutions Corporation - Propelling Business Forward http://www.VybeNetworks.com/ IM:da...@vybenetworks.com VoIP: sip:da...@vybenetworks.com -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
