Thank you. How do I determine the attacker's IP address, please? Would any
place in the log have this information?

On Tue, Jun 5, 2012 at 10:54 AM, Michael Picher <[email protected]> wrote:

> Firewalls are good things...
>
> On Tue, Jun 5, 2012 at 10:41 AM, Saad <[email protected]> wrote:
>
>> Hello,
>> The logging level was set to "Notice for all". The system is being flooded
>> with Subscribe, 401 Unauthorized, 404 Not Found sent from SIPXCALLWATCHER.
>> Please advise what we can do to stop them.
>>
>> Regards
>> Saad
>>
>> On Mon, Jun 4, 2012 at 3:29 PM, Tony Graziano <[email protected]> wrote:
>>
>>> This usually means your log level is above notice.
>>> On Jun 4, 2012 3:21 PM, "Saad" <[email protected]> wrote:
>>>
>>>> Hello,
>>>>
>>>> We are seeing tons of the following SIP messages in our sipXproxy logs
>>>> and want to stop them, as they seem to affect system functionality (call
>>>> dropping, call setup, etc.). We are on 4.4 with all yum updates in place.
>>>>
>>>> Regards
>>>> Saad
>>>>
>>>>
>>>> Time: 2012-06-04T14:08:23.824000Z
>>>> Frame: 8196 sipxopenfire.xml:13583949
>>>> Source: sipx.OurWebSite.ca-sipxcallwatcher
>>>> Dest: XXX.XXX.XXX.XXX:5060
>>>>
>>>> SUBSCRIBE sip:[email protected];transport=tcp SIP/2.0
>>>> Call-ID: [email protected]
>>>> CSeq: 1 SUBSCRIBE
>>>> From: "Call Watcher" <sip:[email protected]>;tag=2552775716380074323
>>>> To: <sip:[email protected]>
>>>> Via: SIP/2.0/TCP XXX.XXX.XXX.XXX:5064;branch=z9hG4bK6c19d3e529767eede46f2f49b58e5313333436
>>>> Max-Forwards: 70
>>>> Contact: "~~id~xmpprlsclient" <sip:[email protected]:5064;transport=tcp>
>>>> Expires: 3600
>>>> Supported: eventlist
>>>> Event: dialog
>>>> Accept: application/dialog-info+xml,application/rlmi+xml,multipart/related
>>>> Content-Length: 0
>>>>
>>>> Time: 2012-06-04T14:08:23.826000Z
>>>> Frame: 8197 sipxopenfire.xml:13583953
>>>> Source: XXX.XXX.XXX.XXX:5060
>>>> Dest: sipx.OurWebSite.ca-sipxcallwatcher
>>>>
>>>> SIP/2.0 401 Unauthorized
>>>> Record-Route: <sip:XXX.XXX.XXX.XXX:5060;lr;sipXecs-rs=%2Aauth%7E.%2Afrom%7EMjU1Mjc3NTcxNjM4MDA3NDMyMw%60%60%211a6c198a8da42d373f317744904bd514;x-sipX-done>
>>>> From: "Call Watcher" <sip:[email protected]>;tag=2552775716380074323
>>>> To: <sip:[email protected]>;tag=jRUlFy
>>>> Call-ID: [email protected]
>>>> CSeq: 1 SUBSCRIBE
>>>> Via: SIP/2.0/TCP XXX.XXX.XXX.XXX:5064;branch=z9hG4bK6c19d3e529767eede46f2f49b58e5313333436
>>>> WWW-Authenticate: Digest realm="OurWebSite.ca",nonce="1b54c24de07e1e1aab6707aed43862a74fccc157",qop="auth"
>>>> Contact: <sip:[email protected]:5140;transport=udp>
>>>> Date: Mon, 04 Jun 2012 14:08:23 GMT
>>>> Allow: INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,SUBSCRIBE,MESSAGE
>>>> User-Agent: sipXecs/4.4.0 sipXecs/rls (Linux)
>>>> Accept-Language: en
>>>> Require: eventlist
>>>> Content-Length: 0
>>>>
>>>> Time: 2012-06-04T14:08:23.835000Z
>>>> Frame: 8198 sipxopenfire.xml:13583964
>>>> Source: sipx.OurWebSite.ca-sipxcallwatcher
>>>> Dest: XXX.XXX.XXX.XXX:5060
>>>>
>>>> SUBSCRIBE sip:[email protected]:5060;transport=tcp;maddr=XXX.XXX.XXX.XXX SIP/2.0
>>>> Call-ID: [email protected]
>>>> CSeq: 2 SUBSCRIBE
>>>> From: "Call Watcher" <sip:[email protected]>;tag=2552775716380074323
>>>> To: <sip:[email protected]>
>>>> Via: SIP/2.0/TCP XXX.XXX.XXX.XXX:5064;branch=z9hG4bK684c38fb925b05e25fe241b0621052ca333436
>>>> Max-Forwards: 70
>>>> Contact: "~~id~xmpprlsclient" <sip:[email protected]:5064;transport=tcp>
>>>> Expires: 3600
>>>> Supported: eventlist
>>>> Event: dialog
>>>> Accept: application/dialog-info+xml,application/rlmi+xml,multipart/related
>>>> Authorization: Digest username="~~id~xmpprlsclient",realm="OurWebSite.ca",nonce="1b54c24de07e1e1aab6707aed43862a74fccc157",uri="sip:[email protected]:5060;transport=tcp;maddr=XXX.XXX.XXX.XXX",response="2f9eea00ca19aee0b0795ecf532084dd",qop=auth,cnonce="xyz",nc=00000001
>>>> Content-Length: 0
>>>>
>>>> Time: 2012-06-04T14:08:25.346000Z
>>>> Frame: 8199 sipxopenfire.xml:13583971
>>>> Source: XXX.XXX.XXX.XXX:5060
>>>> Dest: sipx.OurWebSite.ca-sipxcallwatcher
>>>>
>>>> SIP/2.0 404 Not Found
>>>> Record-Route: <sip:XXX.XXX.XXX.XXX:5060;lr;sipXecs-rs=%2Aauth%7E.%2Afrom%7EMjU1Mjc3NTcxNjM4MDA3NDMyMw%60%60%211a6c198a8da42d373f317744904bd514;x-sipX-done>
>>>> From: "Call Watcher" <sip:[email protected]>;tag=2552775716380074323
>>>> To: <sip:[email protected]>;tag=_TnbtR
>>>> Call-ID: [email protected]
>>>> CSeq: 2 SUBSCRIBE
>>>> Via: SIP/2.0/TCP XXX.XXX.XXX.XXX:5064;branch=z9hG4bK684c38fb925b05e25fe241b0621052ca333436
>>>> Expires: 3536
>>>> Contact: <sip:[email protected]:5140;transport=udp>
>>>> Date: Mon, 04 Jun 2012 14:08:25 GMT
>>>> Allow: INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,SUBSCRIBE,MESSAGE
>>>> User-Agent: sipXecs/4.4.0 sipXecs/rls (Linux)
>>>> Accept-Language: en
>>>> Require: eventlist
>>>> Content-Length: 0
>>>>
>>>> _______________________________________________
>>>> sipx-users mailing list
>>>> [email protected]
>>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>>>
>>>
>>> LAN/Telephony/Security and Control Systems Helpdesk:
>>> Telephone: 434.984.8426
>>> sip: [email protected]
>>>
>>> Helpdesk Customers: http://myhelp.myitdepartment.net
>>> Blog: http://blog.myitdepartment.net
>>>
>>
>>
>
>
>
> --
> Michael Picher, Director of Technical Services
> eZuce, Inc.
>
> 300 Brickstone Square
> Suite 201
> Andover, MA. 01810
> O.978-296-1005 X2015
> M.207-956-0262
> @mpicher <http://twitter.com/mpicher>
> linkedin <http://www.linkedin.com/profile/view?id=35504760&trk=tab_pro>
> www.ezuce.com
>
>
> ------------------------------------------------------------------------------------------------------------
> There are 10 kinds of people in the world, those who understand binary and
> those who don't.
>
>
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
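
One way to answer the question above from a trace in the frame layout quoted in this thread, as an added example (not part of the original messages and not sipXecs code): for every 401/404 response it tallies the frame's Dest together with the topmost Via address, preferring a `received=` parameter when the server recorded one. The function name `rejections` and the sample trace are constructed for illustration.

```python
import re
from collections import Counter

# Constructed trace, trimmed to the fields the parser reads; names and
# addresses are made up (documentation and private ranges).
SAMPLE = """\
>> Time: 2012-06-04T14:08:23.826000Z
>> Source: 192.0.2.10:5060
>> Dest: pbx.example.test-sipxcallwatcher
>>
>> SIP/2.0 401 Unauthorized
>> Via: SIP/2.0/TCP 192.0.2.10:5064;branch=z9hG4bKaaa
>>
>> Time: 2012-06-04T14:08:25.346000Z
>> Source: 192.0.2.10:5060
>> Dest: pbx.example.test-sipxcallwatcher
>>
>> SIP/2.0 404 Not Found
>> Via: SIP/2.0/TCP 192.0.2.10:5064;branch=z9hG4bKbbb
>>
>> Time: 2012-06-04T14:08:26.000000Z
>> Source: 192.0.2.10:5060
>> Dest: 198.51.100.7:5060
>>
>> SIP/2.0 401 Unauthorized
>> Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bKccc;received=198.51.100.7
"""

def rejections(trace, codes=("401", "404")):
    """Count rejected requests per (frame Dest, requester address from Via)."""
    text = re.sub(r"(?m)^>+ ?", "", trace)  # drop mail quote markers
    tally = Counter()
    for frame in re.split(r"(?m)^(?=Time: )", text):
        status = re.search(r"(?m)^SIP/2\.0 (\d{3})", frame)
        dest = re.search(r"(?m)^Dest: (\S+)", frame)
        if not (status and dest) or status.group(1) not in codes:
            continue
        via = re.search(r"(?mi)^Via:\s*SIP/2\.0/\w+\s+([^;\s]+)"
                        r"(?:.*?;received=([^;\s]+))?", frame)
        # sent-by is whatever the client claims; received= is the packet
        # source address the server saw, so it wins when present.
        peer = (via.group(2) or via.group(1)) if via else "unknown"
        tally[(dest.group(1), peer)] += 1
    return tally

if __name__ == "__main__":
    for (dest, peer), n in rejections(SAMPLE).most_common():
        print(n, dest, peer)
```

In the frames quoted in this thread, the rejected SUBSCRIBEs carry Source `sipx.OurWebSite.ca-sipxcallwatcher`, which is a component name rather than a remote address.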
