I belive that is the normal behavior when you set sipx to be behind NAT
It uses a process to keep pin holes open through the firewall (so the NAT port stays open) which is probably being picked up as a portscan. just a guess. -m >>> Roman Gelfand <[email protected]> 02/22/12 5:13 PM >>> Actually, this started happening when set public ip to sipx wan ip. What is happening here is my firewall has intrusion protection sensor which produces a report depicting violations. So, this report is showing Date & Time From To Service Attack 2012-02-22 12:04:17 192.168.20.66 192.168.20.66 5060/udp custom: SIP.Options.Scan.UDP, repeated 34 times Are you saying the from ip could have been forged? If so, what is the point of continuously scanning ports? it is not like there is an attempt to guess the password, which happens consistently twice a week. In this case, intruder's ip is logged. 2012-02-19 16:15:12 66.87.82.51 192.168.20.66 5060/udp custom: SIP.User.Password.Guessing.UDP, repeated 3 times Thanks for your help On Wed, Feb 22, 2012 at 3:57 PM, Tony Graziano <[email protected]> wrote: > Not in the way you describe. Did you use the public ip address can > manipulate the headers for outbound traffic for trunking and so forth. > > What you are seeing our packets coming through your firewall if they are > scanning the server. You would do well to get a packet capture to see where > these packets are originating from. > > On Feb 22, 2012 3:22 PM, "Roman Gelfand" <[email protected]> wrote: >> >> Does SIPX server communicate with public interface whose ip is >> specified in the NAT section of server configuration? >> >> The reason why I am asking this is because I am seeing, in firewall >> log, sip port scanning attempts from the sipx server ip to the sipx >> server ip. >> >> Thanks in advance >> _______________________________________________ >> sipx-users mailing list >> [email protected] >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: [email protected] > > Helpdesk Customers: http://myhelp.myitdepartment.net > Blog: http://blog.myitdepartment.net > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
