Hey, I know troopmaster software... our cub scout pack uses it! I agree with Tony re:userid's. We may change that in the future and have the userid more closely aligned with a network userid but that's neither here or now with 4.4.
So, userID's really should = extension (plus looks like you have nasty upper case letters in user names too... just asking for trouble) I'd take a step back and clean this stuff up now. Re-think the firewall setup (put some rate limiting in place & tighten up rules... are you running pfSense?). Thanks, Mike On Thu, Jan 26, 2012 at 10:43 PM, Nathaniel Watkins < [email protected]> wrote: > Also noticed this in sipXproxy.log - I'm assuming this is fallout from the > excessive hack attempts - I'll have Brian turn off forwarding on port 5060 > and see if that takes care of his phone registration problem. > > > "2012-01-26T10:28:35.819747Z":113867:KERNEL:NOTICE:sipx.troopmaster.com:SipClientTcp-29:B52FDB90:SipXProxy:"OsMsgQShared::doSendCore > message queue 'SipRouter-16' is over half full - count = 1998, max = 2000" > "2012-01-26T10:28:36.970925Z":113868:KERNEL:NOTICE:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"OsMsgQShared::doSendCore > message queue 'SipRouter-16' is over half full - count = 1999, max = 2000" > "2012-01-26T10:28:39.876333Z":113869:KERNEL:ERR:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"OsMsgQShared::doSendCore > message send failed for queue 'SipRouter-16' - no room, ret = 9" > "2012-01-26T10:28:39.876567Z":113870:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > send failed with status 12 (numMsgs = 2000, maxMsgs = 2000)" > "2012-01-26T10:28:39.876583Z":113871:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > send failed to queue named 'SipRouter-16'" > "2012-01-26T10:28:39.876599Z":113872:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > observerQueue 0xb713565c, observerData (nil), SIP method '', wantsRequests > 1, wantsResponses 0, wantsIncoming 1, wantsOutGoing 0, eventName '', > SipSession (nil)" > "2012-01-26T10:28:39.876640Z":113873:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > failed message is: REGISTER sip:troopmaster.com SIP/2.0\r\nVia: > SIP/2.0/UDP 192.168.0.250;branch=z9hG4bK6b33232620C238D5\r\nFrom: \"Patrick > Robbins\" <sip:[email protected]>;tag=CD0DF33E-8507624D\r\nTo: < > sip:[email protected]>\r\nCseq: 41 REGISTER\r\nCall-Id: > [email protected]\r\nContact: < > sip:[email protected]>;methods=\"INVITE, ACK, BYE, CANCEL, OPTIONS, > INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER\"\r\nUser-Agent: > PolycomSoundPointIP-SPIP_650-UA/3.2.4.0244\r\nAccept-Language: > en\r\nMax-Forwards: 70\r\nExpires: 3600\r\nContent-Length: 0\r\nDate: Thu, > 26 Jan 2012 10:28:39 GMT" > "2012-01-26T10:28:47.861883Z":113874:KERNEL:ERR:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"OsMsgQShared::doSendCore > message send failed for queue 'SipRouter-16' - no room, ret = 9" > "2012-01-26T10:28:47.862116Z":113875:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > send failed with status 12 (numMsgs = 2000, maxMsgs = 2000)" > "2012-01-26T10:28:47.862132Z":113876:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > send failed to queue named 'SipRouter-16'" > "2012-01-26T10:28:47.862148Z":113877:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > observerQueue 0xb713565c, observerData (nil), SIP method '', wantsRequests > 1, wantsResponses 0, wantsIncoming 1, wantsOutGoing 0, eventName '', > SipSession (nil)" > "2012-01-26T10:28:47.862188Z":113878:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > failed message is: REGISTER sip:troopmaster.com SIP/2.0\r\nVia: > SIP/2.0/UDP 192.168.0.251;branch=z9hG4bK6a3a9ceaC891D74D\r\nFrom: \"Robert > Edwards\" <sip:[email protected]>;tag=49469008-A95B4163\r\nTo: < > sip:[email protected]>\r\nCseq: 51 REGISTER\r\nCall-Id: > [email protected]\r\nContact: < > sip:[email protected]>;methods=\"INVITE, ACK, BYE, CANCEL, OPTIONS, > INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER\"\r\nUser-Agent: > PolycomSoundPointIP-SPIP_650-UA/3.2.4.0244\r\nAccept-Language: > en\r\nMax-Forwards: 70\r\nExpires: 3600\r\nContent-Length: 0\r\nDate: Thu, > 26 Jan 2012 10:28:47 GMT" > "2012-01-26T10:28:50.178745Z":113879:KERNEL:ERR:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"OsMsgQShared::doSendCore > message send failed for queue 'SipRouter-16' - no room, ret = 9" > "2012-01-26T10:28:50.178934Z":113880:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > send failed with status 12 (numMsgs = 2000, maxMsgs = 2000)" > "2012-01-26T10:28:50.178949Z":113881:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > send failed to queue named 'SipRouter-16'" > "2012-01-26T10:28:50.178965Z":113882:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > observerQueue 0xb713565c, observerData (nil), SIP method '', wantsRequests > 1, wantsResponses 0, wantsIncoming 1, wantsOutGoing 0, eventName '', > SipSession (nil)" > "2012-01-26T10:28:50.179005Z":113883:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > failed message is: REGISTER sip:troopmaster.com SIP/2.0\r\nVia: > SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK3ee2f2e08856F439\r\nFrom: \"Kelly > Robbins\" <sip:[email protected]>;tag=6FAFE580-A8823F59\r\nTo: < > sip:[email protected]>\r\nCseq: 64 REGISTER\r\nCall-Id: > [email protected]\r\nContact: < > sip:[email protected]>;methods=\"INVITE, ACK, BYE, CANCEL, OPTIONS, > INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER\"\r\nUser-Agent: > PolycomSoundPointIP-SPIP_650-UA/3.2.4.0244\r\nAccept-Language: > en\r\nMax-Forwards: 70\r\nExpires: 3600\r\nContent-Length: 0\r\nDate: Thu, > 26 Jan 2012 10:28:50 GMT" > "2012-01-26T10:28:58.610079Z":113884:KERNEL:ERR:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"OsMsgQShared::doSendCore > message send failed for queue 'SipRouter-16' - no room, ret = 9" > "2012-01-26T10:28:58.610317Z":113885:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > send failed with status 12 (numMsgs = 2000, maxMsgs = 2000)" > "2012-01-26T10:28:58.610334Z":113886:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > send failed to queue named 'SipRouter-16'" > "2012-01-26T10:28:58.610350Z":113887:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > observerQueue 0xb713565c, observerData (nil), SIP method '', wantsRequests > 1, wantsResponses 0, wantsIncoming 1, wantsOutGoing 0, eventName '', > SipSession (nil)" > "2012-01-26T10:28:58.610392Z":113888:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > failed message is: REGISTER sip:troopmaster.com SIP/2.0\r\nVia: > SIP/2.0/UDP 192.168.0.241;branch=z9hG4bKe2187e9a8A9E4389\r\nFrom: \"Chad\" < > sip:[email protected]>;tag=5891D19A-94D20A89\r\nTo: < > sip:[email protected]>\r\nCseq: 104 REGISTER\r\nCall-Id: > [email protected]\r\nContact: < > sip:[email protected]>;methods=\"INVITE, ACK, BYE, CANCEL, OPTIONS, > INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER\"\r\nUser-Agent: > PolycomSoundPointIP-SPIP_650-UA/3.2.4.0244\r\nAccept-Language: > en\r\nMax-Forwards: 70\r\nExpires: 3600\r\nContent-Length: 0\r\nDate: Thu, > 26 Jan 2012 10:28:58 GMT" > "2012-01-26T10:29:03.491599Z":113889:KERNEL:ERR:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"OsMsgQShared::doSendCore > message send failed for queue 'SipRouter-16' - no room, ret = 9" > "2012-01-26T10:29:03.491860Z":113890:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > send failed with status 12 (numMsgs = 2000, maxMsgs = 2000)" > "2012-01-26T10:29:03.491877Z":113891:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > send failed to queue named 'SipRouter-16'" > "2012-01-26T10:29:03.491896Z":113892:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > observerQueue 0xb713565c, observerData (nil), SIP method '', wantsRequests > 1, wantsResponses 0, wantsIncoming 1, wantsOutGoing 0, eventName '', > SipSession (nil)" > "2012-01-26T10:29:03.491940Z":113893:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > failed message is: SUBSCRIBE > sip:[email protected];sipx-noroute=VoiceMail;sipx-userforward=false > SIP/2.0\r\nFrom: <sip:[email protected]:51340>;tag=m63a5m\r\nTo: < > sip:[email protected];sipx-noroute=VoiceMail;sipx-userforward=false>\r\nCall-Id: > LwyYkKZx3P0116\r\nCseq: 1 SUBSCRIBE\r\nContact: > <sip:192.168.0.99:51340;transport=udp>\r\nEvent: > reg\r\nAccept: application/reginfo+xml\r\nExpires: 2550\r\nDate: Thu, 26 > Jan 2012 10:29:03 GMT\r\nMax-Forwards: 20\r\nUser-Agent: sipXecs/4.4.0 > sipXecs/rls (Linux)\r\nAccept-Language: en\r\nVia: SIP/2.0/UDP > 192.168.0.99:51340;branch=z9hG4bK-XX-b91dqpg`kmznRTAHl_eSGHghDg\r\nContent-Length: > 0" > "2012-01-26T10:29:05.471246Z":113894:KERNEL:ERR:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"OsMsgQShared::doSendCore > message send failed for queue 'SipRouter-16' - no room, ret = 9" > "2012-01-26T10:29:05.471423Z":113895:SIP:CRIT:sipx.troopmaster.com:SipClientUdp-12:B7515B90:SipXProxy:"SipUserAgent::queueMessageToInterestedObservers > send failed with status 12 (numMsgs = 2000, maxMsgs = 2000)" > > -----Original Message----- > From: Joegen Baclor [mailto:[email protected]] > Sent: Thursday, January 26, 2012 9:21 PM > To: Discussion list for users of sipXecs software > Cc: Nathaniel Watkins > Subject: Re: [sipx-users] URL Call is disabled > > An ACK for REGISTER? Not only is it highly likely to be a hacking > attempt, you got a bunch of clowns behind it. > > On 01/27/2012 10:04 AM, Nathaniel Watkins wrote: > > RANCH\nACKsip:[email protected] SIP/2.0\r\nVia: SIP/2.0/UDP > 188.138.116.36:5211;branch=z9hG4bK-179067399;rport=5211\r\nContent-Length: > 0\r\nFrom: \"1\"<sip:[email protected]>; > tag=310132343934303034393930\r\nAccept: application/sdp\r\nUser-Agent: > friendly-scanner\r\nTo: \"1\"<sip:[email protected]>\r\nContact:< > sip:[email protected];x-sipX-nonat>\r\nCseq: 1 REGISTER ACK\r\nCall-Id: > 2236359437\r\nMax-Forwards: 20\r\nDate: Thu, 26 Jan 2012 09:18:36 > GMT\r\n\r\n\n SipTransaction dump:\n this: 0xb3f26580\n hash: > 2236359437c1\n mCallId: 2236359437\n mpBranchId->data(): > z9hG4bK-XX-800aPJLheelC0X36LoCQ4RYI1g\n > mRequestUri:sip:[email protected]\n mSendToAddress: 208.33.156.137\n > mSendToPort: -1\n mSendToProtocol: UNKNOWN\n > mCancelReasonValue: \n mpDnsSrvRecords: NULL\n mFromField: \" > > 1\"<sip:[email protected]>;tag=310132343934303034393930\n mToField: > \"1\"<sip:[email protected]>\n mRequestMethod: ACK\n mCseq: 1\n > mIsServerTransaction: FALSE\n > > > This message and any files transmitted with it are intended only for the > individual(s) or entity named. If you are not the intended individual(s) or > entity named you are hereby notified that any disclosure, copying, > distribution or reliance upon its contents is strictly prohibited. If you > have received this in error, please notify the sender, delete the original, > and destroy all copies. Email transmissions cannot be guaranteed to be > secure or error-free as information could be intercepted, corrupted, lost, > destroyed, arrive late or incomplete, or contain viruses. Garrett County > Government therefore does not accept any liability for any errors or > omissions in the contents of this message, which arise as a result of email > transmission. > > > Garrett County Government, > 203 South Fourth Street, Courthouse, Oakland, Maryland 21550 > www.garrettcounty.org > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- Michael Picher, Director of Technical Services eZuce, Inc. 300 Brickstone Square**** Suite 201**** Andover, MA. 01810 O.978-296-1005 X2015 M.207-956-0262 @mpicher <http://twitter.com/mpicher> www.ezuce.com ------------------------------------------------------------------------------------------------------------ Hope to see you at the sipX CoLab! http://www.sipfoundry.org/sipx-colab A gathering for - open source users, eZuce customers & eZuce partners Get the inside track on 4.6 and a glimpse at the future of sipXecs!
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
