Hi Martin, This looks like a SIP reply. I suspect that a misconfigured SIP phone or proxy is inserting a Via: header that contains the 195.77 address, or a name that resolves to it. Capture the packet text with your firewall, or by running Ethereal on your * machine, or with * itself, and the other headers should lead you to the source.
Otherwise, it's possible that an external INVITE is somehow getting in. It's plausible that a travel company would be using VoIP. inetnum: 195.77.113.192 - 195.77.113.223 netname: V-SOLTOUR descr: Viajes Soltour descr: Corporate Access country: ES admin-c: MR6821-RIPE tech-c: MR6821-RIPE status: ASSIGNED PA mnt-by: MAINT-AS3352 changed: [EMAIL PROTECTED] 19991123 changed: [EMAIL PROTECTED] 20030725 source: RIPE person: Mateo Ramon address: Viajes Soltour address: Casp 17, 3 Planta address: Barcelona 08010 address: SPAIN phone: +34 971 787000 fax-no: +34 971 457106 e-mail: [EMAIL PROTECTED] nic-hdl: MR6821-RIPE mnt-by: MAINT-AS3352 changed: [EMAIL PROTECTED] 19991123 source: RIPE --Stewart -----Original Message----- Date: Fri, 04 Jun 2004 10:30:30 +0200 From: Martin Mielke <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [Asterisk-Users] Strange connection to the outside... Reply-To: [EMAIL PROTECTED] Hi all, for some strange reason, our still-under-test Asterisk deployment wants to contact the outside world and that raised some eyebrows here... Just a sample of our firewall log: -- ...a=DROPIN=eth0 OUT=eth2 SRC=192.168.36.199 DST=195.77.113.194 LEN=476 TOS=0x10 PREC=0x00 TTL=62 ID=39572 DF PROTO=UDP SPT=5060 DPT=62975 LEN=456 -- Why is this happening? We got no relationship with the DST IP address and external access is not allowed. Any ideas? Martin _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
