Tod Fitch wrote: > Probably not the correct mailing list but this might be of interest > anyway. This morning in my Astlinux logs I found a bunch messages I'd > not seen before. Here are the last 3: > > 05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]: > chan_sip.c:15236 in handle_request_register: Registration from > '"9997"<sip:[email protected]>' failed for '174.137.49.78' - No > matching peer found > Mar 24 05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]: > chan_sip.c:15236 in handle_request_register: Registration from > '"9998"<sip:[email protected]>' failed for '174.137.49.78' - No > matching peer found > Mar 24 05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]: > chan_sip.c:15236 in handle_request_register: Registration from > '"9999"<sip:[email protected]>' failed for '174.137.49.78' - No > matching peer found > So 174.137.49.78 (78.49.137.174.in-addr.arpa. 86400 IN PTR > unknown.caratnetworks.com.) was attempting to register with my > Astlinux box on all possible 4 digit extensions. Fortunately for me my > extensions are all alpha-numeric and all longer than 4 characters. I > just checked and none of them look like a dictionary attack would work > either. > > Anyway, I don't know how common this is. But it is the first time I > have noticed malicious SIP registration attempts. I do get a huge > number of that type of thing on my firewall for things link ssh. I > just hadn't seen it before for SIP. > > Cheers, > Tod >
Yeah, I've seen them before. Turn off "allowguest" in /etc/asterisk/sip.conf -Philip ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
