On 10/09/2010 11:28 AM, Tony Graziano wrote:
> Find out what is wrong with your proxy/proxy config and your problems
> will be solved.

Right before the service stops working, it seems that I was attacked -- so I guess the whole issue comes down to a DOS attack? Or an inadvertent DOS as a result of an attempted break-in?

If so, what can be done assuming I'd still like to be able to connect (e.g. from my Android and laptop) remotely?

Thanks,

Joe

-------------------------------
"2010-10-09T01:40:37.228840Z":925117:INCOMING:INFO:sip.joeconway.com:SipClientUdp-8:41C52940:SipXProxy:"Read SIP message:\n----Local Host:XXX.XXX.XXX.XXX---- Port: 5060----\n----Remote Host:208.109.86.49---- Port: 5085----\nOPTIONS sip:[email protected] SIP/2.0\r\nVia: SIP/2.0/UDP 208.109.86.49:5085;branch=z9hG4bK-4251521253;rport\r\nContent-Length: 0\r\nFrom: \"sipvicious\"<sip:[email protected]>; tag=3438643631646633313363340133363635323839363731\r\nAccept: application/sdp\r\nUser-Agent: friendly-scanner\r\nTo: \"sipvicious\"<sip:[email protected]>\r\nContact: sip:[email protected]:5085\r\nCSeq: 1 OPTIONS\r\nCall-ID: 247763875582352644695379\r\nMax-Forwards: 70\r\n\r\n====================END===================="
"2010-10-09T01:40:37.232191Z":925118:AUTH:INFO:XXX.XXXXXXXX.com:SipRouter-11:41E54940:SipXProxy:"EnforceAuthRules[400_authrules]::authorizeAndModify no permission required for call 247763875582352644695379"
-------------------------------

# grep 208.109.86.49 sipXproxy.log |wc -l
150388

# nmap -O 208.109.86.49

Starting Nmap 5.21 ( http://nmap.org ) at 2010-10-09 12:44 PDT
Nmap scan report for ip-208-109-86-49.ip.secureserver.net (208.109.86.49)
Host is up (0.047s latency).
Not shown: 977 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
25/tcp    open     smtp
42/tcp    filtered nameserver
53/tcp    open     domain
80/tcp    open     http
111/tcp   open     rpcbind
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
161/tcp   filtered snmp
179/tcp   filtered bgp
443/tcp   open     https
445/tcp   filtered microsoft-ds
1028/tcp  filtered unknown
1080/tcp  filtered socks
1434/tcp  filtered ms-sql-m
3128/tcp  filtered squid-http
3306/tcp  open     mysql
6666/tcp  filtered irc
6667/tcp  filtered irc
6668/tcp  filtered irc
9999/tcp  open     abyss
12345/tcp filtered netbus
31337/tcp filtered Elite
Device type: WAP|general purpose|telecom-misc|firewall
Running (JUST GUESSING) : Linux 2.4.X|2.6.X (88%), Avaya Linux 2.6.X (86%), Check Point embedded (86%), OpenBSD 4.X (86%), Fortinet embedded (86%), Microsoft Windows Vista (86%)
Aggressive OS guesses: DD-WRT v23 (Linux 2.4.36) (88%), Linux 2.6.18 (88%), Linux 2.6.26 (PCLinuxOS) (88%), Linux 2.6.30 (88%), Linux 2.6.24 (87%), Avaya Communication Manager (Linux 2.6.11) (86%), Check Point ZoneAlarm Z100G firewall (86%), Linux 2.6.24 (Debian) (86%), Linux 2.6.26 (86%), OpenBSD 4.0 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops

--
Joe Conway
credativ LLC: http://www.credativ.us
Linux, PostgreSQL, and general Open Source
Training, Service, Consulting, & 24x7 Support
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
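
The per-source count taken in the message with grep and wc, generalized as an added example (not part of the original message and not sipXecs code): it parses sipXproxy.log entries in the layout of the excerpt, counts INCOMING messages per remote host, and flags sources by volume or by a listed User-Agent. The sample entries, the host name pbx.example.com, the function names and the default threshold of 100 are assumptions.

```python
import re
from collections import defaultdict

# Entry layout as in the excerpt: "timestamp":seq:FACILITY:LEVEL:host:thread:id:component:"message"
ENTRY = re.compile(r'^"[^"]+":\d+:(?P<facility>\w+):\w+:.*?:"(?P<msg>.*)"$')
REMOTE = re.compile(r'----Remote Host:(?P<ip>[0-9.]+)---- Port: \d+----')
# CR and LF are logged as the literal two-character escapes \r and \n.
REQUEST = re.compile(r'----\\n(?P<method>[A-Z]+) sips?:')
USER_AGENT = re.compile(r'\\r\\nUser-Agent: (?P<ua>.*?)\\r\\n')

def _sample(remote, agent, method="OPTIONS"):
    # Constructed entry (documentation addresses, hypothetical host name), not real log data.
    return (r'"2010-10-09T01:40:37.228840Z":1:INCOMING:INFO:pbx.example.com:SipClientUdp-8:'
            r'41C52940:SipXProxy:"Read SIP message:\n----Local Host:192.0.2.10---- Port: 5060----\n'
            rf'----Remote Host:{remote}---- Port: 5085----\n{method} sip:100@192.0.2.10 SIP/2.0\r\n'
            rf'User-Agent: {agent}\r\nCSeq: 1 {method}\r\n\r\n=====END====="')

SAMPLE_LOG = ([_sample("198.51.100.7", "friendly-scanner")] * 3
              + [_sample("203.0.113.20", "ExamplePhone/1.0", "REGISTER")] * 5
              + [r'"2010-10-09T01:40:37.232191Z":2:AUTH:INFO:pbx.example.com:SipRouter-11:'
                 r'41E54940:SipXProxy:"EnforceAuthRules[400_authrules]::authorizeAndModify call 1"'])

def summarize(lines):
    """Count INCOMING SIP messages per remote host, with the methods and User-Agents seen."""
    hosts = defaultdict(lambda: {"count": 0, "methods": set(), "agents": set()})
    for line in lines:
        entry = ENTRY.match(line.strip())
        if not entry or entry["facility"] != "INCOMING":
            continue  # AUTH and other facilities carry no remote-host header
        remote = REMOTE.search(entry["msg"])
        if not remote:
            continue
        rec = hosts[remote["ip"]]
        rec["count"] += 1
        if (req := REQUEST.search(entry["msg"])):
            rec["methods"].add(req["method"])
        if (ua := USER_AGENT.search(entry["msg"])):
            rec["agents"].add(ua["ua"])
    return dict(hosts)

def flag_sources(hosts, max_messages=100, scanner_agents=("friendly-scanner",)):
    """Return {ip: reasons} for hosts over the volume threshold or sending a listed User-Agent."""
    flagged = {}
    for ip, rec in hosts.items():
        reasons = [f"volume:{rec['count']}"] if rec["count"] > max_messages else []
        reasons += [f"agent:{a}" for a in sorted(rec["agents"]) if a.lower() in scanner_agents]
        if reasons:
            flagged[ip] = reasons
    return flagged
```

Run against a real log with `flag_sources(summarize(open("sipXproxy.log")))`; the flagged addresses are candidates for a firewall drop or rate-limit rule on the SIP port.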
