Re: [asterisk-users] SIP client floods port 5060 and gets blocked

2011-01-20 Thread Julian Yap
On Thu, Oct 28, 2010 at 1:42 AM, Jonas Kellens jonas.kell...@telenet.be wrote:

 On 10/28/2010 12:52 PM, Gordon Henderson wrote:
  On Thu, 28 Oct 2010, Jonas Kellens wrote:
  On 10/28/2010 10:44 AM, Kevin Keane wrote:
 
  I assume that you checked and the remote IP is a legitimate IP phone? If
  not, it could be an attempt to break into your system.
 
  If it is a legitimate IP phone, make sure that the SIP configuration is
  correct -- if the SIP authentication fails, you can see this happening.
 
 
  1. This is a legitimate phone, yes.
  2. Registration goes as follows : REGISTER  SIP/2.0 401 Unauthorized
  Re-Register with Digest  200 OK
 
  Is it a Snom phone?
 
  I've seen Snoms do this...
 
  Gordon
 

 I have this with Snom 320, Snom 370, Grandstream GXW4008 and YeaLink T28...


Yes, I have seen this with Snom 370s...  It's maddening.  I'm going to start
testing out the version 8.x firmware.

- Julian
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] SIP client floods port 5060 and gets blocked

2010-10-29 Thread Jonas Kellens

Hello,

any more input on this subject ?!


Kind regards,
Jonas.


-------- Original Message --------
Subject: Re: [asterisk-users] SIP client floods port 5060 and gets blocked
Date: Thu, 28 Oct 2010 13:42:12 +0200
From: Jonas Kellens jonas.kell...@telenet.be
To: Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com


On 10/28/2010 12:52 PM, Gordon Henderson wrote:

 On Thu, 28 Oct 2010, Jonas Kellens wrote:

 On 10/28/2010 10:44 AM, Kevin Keane wrote:

 I assume that you checked and the remote IP is a legitimate IP phone? If
 not, it could be an attempt to break into your system.

 If it is a legitimate IP phone, make sure that the SIP configuration is
 correct -- if the SIP authentication fails, you can see this happening.


 1. This is a legitimate phone, yes.
 2. Registration goes as follows : REGISTER   SIP/2.0 401 Unauthorized
 Re-Register with Digest   200 OK


 Is it a Snom phone?

 I've seen Snoms do this...

 Gordon


I have this with Snom 320, Snom 370, Grandstream GXW4008 and YeaLink T28...


Jonas.


[asterisk-users] SIP client floods port 5060 and gets blocked

2010-10-28 Thread Jonas Kellens

Hello,

Is there any reason why an IP-phone would pound on port 5060 ? My 
firewall blocks the public IP because it thinks the remote IP is port 
scanning on port 5060.


I think the phone is just registering but for some reason it does this 
repeatedly in a very short time.



Oct 28 09:01:48 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48073 DF PROTO=UDP SPT=2367 DPT=5060 LEN=676
Oct 28 09:01:49 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48074 DF PROTO=UDP SPT=2367 DPT=5060 LEN=676
Oct 28 09:01:50 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48075 DF PROTO=UDP SPT=2367 DPT=5060 LEN=676
Oct 28 09:01:52 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48076 DF PROTO=UDP SPT=2367 DPT=5060 LEN=676
Oct 28 09:01:56 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48077 DF PROTO=UDP SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:00 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48078 DF PROTO=UDP SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:04 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48079 DF PROTO=UDP SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:08 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48083 DF PROTO=UDP SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:12 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48084 DF PROTO=UDP SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:16 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48085 DF PROTO=UDP SPT=2367 DPT=5060 LEN=676
Oct 28 09:02:20 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=remote_ip DST=server_ip LEN=696 TOS=0x00 PREC=0x00 TTL=53 ID=48087 DF PROTO=UDP SPT=2367 DPT=5060 LEN=676



Any input on this ?!


Kind regards,
Jonas.
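
Added example, not part of the original thread: a sketch that checks whether the spacing of blocked packets like those in the log above fits the RFC 3261 retransmission backoff of one unanswered SIP request over UDP (gap starting at T1 = 0.5 s, doubling to T2 = 4 s, stopping at 64*T1) rather than a steady probe. The function names, the shortened line template and the one-packet-per-second contrast sample are constructed for illustration; the default timer values are an assumption about the phone.

```python
import math
import re
from datetime import datetime

T1, T2 = 0.5, 4.0  # RFC 3261 default timers for UDP, in seconds (assumed)

def retransmit_offsets(t1=T1, t2=T2):
    """Send times of one unanswered non-INVITE request (e.g. REGISTER):
    the gap starts at T1, doubles up to T2, and stops at the 64*T1 timeout."""
    offsets, gap = [0.0], t1
    while offsets[-1] + gap < 64 * t1:
        offsets.append(offsets[-1] + gap)
        gap = min(2 * gap, t2)
    return offsets

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*SRC=(\S+) .*SPT=(\d+) DPT=(\d+)")

def parse(lines, year=2010):
    """Group log timestamps by (src, sport, dport); syslog omits the year."""
    flows = {}
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            flows.setdefault(m.groups()[1:], []).append(ts)
    return flows

def looks_like_retransmission(times, min_packets=4):
    """True if the whole-second offsets fit the backoff schedule for some
    sub-second phase of the first packet (syslog logs whole seconds only)."""
    seen = [int((t - times[0]).total_seconds()) for t in times]
    if len(seen) < min_packets:
        return False
    sched = retransmit_offsets()[:len(seen)]
    return any(seen == [math.floor(step / 20 + o) for o in sched]
               for step in range(20))

def verdicts(lines):
    return {flow: looks_like_retransmission(ts) for flow, ts in parse(lines).items()}

# Fields and timestamps as in the posted log; line layout shortened (constructed).
TEMPLATE = ("Oct 28 {t} astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= "
            "SRC=remote_ip DST=server_ip LEN=696 PROTO=UDP SPT=2367 DPT=5060 LEN=676")
POSTED = [TEMPLATE.format(t=t) for t in
          "09:01:48 09:01:49 09:01:50 09:01:52 09:01:56 09:02:00 "
          "09:02:04 09:02:08 09:02:12 09:02:16 09:02:20".split()]
# Constructed contrast: one packet per second with no backoff.
STEADY = [TEMPLATE.format(t=f"09:01:{s:02d}") for s in range(48, 59)]
```

Call `verdicts(POSTED)` and `verdicts(STEADY)` to compare the two samples. A match only says the spacing is consistent with a single request being retransmitted; it does not by itself establish who the sender is.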

Re: [asterisk-users] SIP client floods port 5060 and gets blocked

2010-10-28 Thread Kevin Keane
I assume that you checked and the remote IP is a legitimate IP phone? If not, 
it could be an attempt to break into your system.

If it is a legitimate IP phone, make sure that the SIP configuration is correct 
- if the SIP authentication fails, you can see this happening.

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jonas Kellens
Sent: Thursday, October 28, 2010 12:39 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] SIP client floods port 5060 and gets blocked

Hello,

Is there any reason why an IP-phone would pound on port 5060 ? My firewall 
blocks the public IP because it thinks the remote IP is port scanning on port 
5060.

I think the phone is just registering but for some reason it does this 
repeatedly in a very short time.




Any input on this ?!


Kind regards,
Jonas.

Re: [asterisk-users] SIP client floods port 5060 and gets blocked

2010-10-28 Thread Jonas Kellens

On 10/28/2010 10:44 AM, Kevin Keane wrote:


I assume that you checked and the remote IP is a legitimate IP phone? 
If not, it could be an attempt to break into your system.


If it is a legitimate IP phone, make sure that the SIP configuration 
is correct -- if the SIP authentication fails, you can see this happening.




1. This is a legitimate phone, yes.
2. Registration goes as follows : REGISTER  SIP/2.0 401 Unauthorized  
Re-Register with Digest  200 OK



Regards,
Jonas.

Re: [asterisk-users] SIP client floods port 5060 and gets blocked

2010-10-28 Thread Gordon Henderson
On Thu, 28 Oct 2010, Jonas Kellens wrote:

 On 10/28/2010 10:44 AM, Kevin Keane wrote:
 
 I assume that you checked and the remote IP is a legitimate IP phone? If 
 not, it could be an attempt to break into your system.
 
 If it is a legitimate IP phone, make sure that the SIP configuration is 
 correct -- if the SIP authentication fails, you can see this happening.
 

 1. This is a legitimate phone, yes.
 2. Registration goes as follows : REGISTER  SIP/2.0 401 Unauthorized  
 Re-Register with Digest  200 OK

Is it a Snom phone?

I've seen Snoms do this...

Gordon



Re: [asterisk-users] SIP client floods port 5060 and gets blocked

2010-10-28 Thread Jonas Kellens
On 10/28/2010 12:52 PM, Gordon Henderson wrote:
 On Thu, 28 Oct 2010, Jonas Kellens wrote:
 On 10/28/2010 10:44 AM, Kevin Keane wrote:

 I assume that you checked and the remote IP is a legitimate IP phone? If
 not, it could be an attempt to break into your system.

 If it is a legitimate IP phone, make sure that the SIP configuration is
 correct -- if the SIP authentication fails, you can see this happening.


 1. This is a legitimate phone, yes.
 2. Registration goes as follows : REGISTER  SIP/2.0 401 Unauthorized
 Re-Register with Digest  200 OK

 Is it a Snom phone?

 I've seen Snoms do this...

 Gordon


I have this with Snom 320, Snom 370, Grandstream GXW4008 and YeaLink T28...


Jonas.
