There's a bunch of monitoring tools out there that do a port scan then
probe to make sure those ports stay open.
On Wed, Dec 20, 2017 at 10:56 AM, Wes Sisk (wsisk) wrote:
> +1. I have seen syn scan or TCP half open cause alerts with no ip, no
> mac.
>
> you can get some insight if this happening
+1. I have seen syn scan or TCP half open cause alerts with no ip, no mac.
you can get some insight if this happening using the workaround for
CSCsw73304CLI show open ports to show ports in SYN_RECV
-wes
On Dec 20, 2017, at 7:47 AM, Dave Goodwin
mailto:dave.good...@december.net>> wrote:
An
Fulgenzi
Cc: Ryan Huff ; cisco-voip voyp list
Subject: Re: [cisco-voip] untraceable connection attempt?
Any chance there’s an active vulnerability scanning machine on the network?
With SYN scanning (half-open scans), it only sends a SYN packet to each port
and never fully opens a TCP connection
Any chance there’s an active vulnerability scanning machine on the network?
With SYN scanning (half-open scans), it only sends a SYN packet to each
port and never fully opens a TCP connection. I’m wondering whether this
scenario might cause CallManager to report this incomplete registration
alarm w
Also, definitely not exceeded number of registered devices. Especially not on
the node where this alarm was coming from.
Sent from my iPhone
On Dec 20, 2017, at 12:01 AM, Ryan Huff
mailto:ryanh...@outlook.com>> wrote:
Yeah it’s tough for sure, because the error is from the device failing to
Yeah... gonna just ignore it for now.
But it does worry me.
Especially if it came from the data side of things.
Sent from my iPhone
On Dec 20, 2017, at 12:01 AM, Ryan Huff
mailto:ryanh...@outlook.com>> wrote:
Yeah it’s tough for sure, because the error is from the device failing to
registe
Yeah it’s tough for sure, because the error is from the device failing to
register, before providing any identifying information about itself ... so next
to impossible to find from the mothership point of view.
You haven’t by chance exceeded the
“Maximum Number of Registered Devices” threshold f
First time I think I've ever seen this. Especially with no MAC or IP addr.
Only one alert.
But we've recently started allowing Jabber connections from our data VLANS.
I'd hate for it to be the beginning of something larger.
Sent from my iPhone
On Dec 19, 2017, at 11:35 PM, Ryan Huff
mailto:r
Could also be network connectivity among a lot of things but more often than
not, bouncing CM service seems to fix if this is a recurring alarm. If it’s a
one time alarm you’ve not seen before; likely legitimately referring to a
device.
If you’ve recently added any new devices, check network co
I used that page as the source although were on 9.1. Figure reason codes are
pretty static.
But where do find the details about a node restart necessary?
I'm on a phone so can't get good overall view of page.
Also, we only just recently restarted the whole cluster.
Sent from my iPhone
On Dec
Sounds like you should schedule a bounce of the CM service for this node.
Have a read here for more detail:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/err_msgs/8_x/ccmalarms851.html
Thanks,
Ryan
On Dec 19, 2017, at 11:11 PM, Lelio Fulgenzi
mailto:le...@uoguelph.ca>> wrote:
An e
This is weird. No MAC. No IP.
Reason code 14 points to sip malformed header.
But trying to connect to port 2000?
Sent from my iPhone
Begin forwarded message:
%UC_CALLMANAGER-3-EndPointTransientConnection: %[Connecting Port=2000][Device
name=][Device IP address=0.0.0.0][Device type=255][Re
12 matches
Mail list logo