Check your registrar log... /var/log/sipxpbx/sipregistrar.log

On Tue, Jun 5, 2012 at 12:01 PM, Saad <[email protected]> wrote:

> Thank you.. How determine the attacker IP address please? Any places in
> the log would have this information?
>
> On Tue, Jun 5, 2012 at 10:54 AM, Michael Picher <[email protected]> wrote:
>
>> Firewalls are good things...
>>
>> On Tue, Jun 5, 2012 at 10:41 AM, Saad <[email protected]> wrote:
>>
>>> Hello,
>>> The loggin level was set to "Notice for all " The system is being
>>> flooded with Subscribe, 401 Unauthorized, 404 not found sent from
>>> SIPXCALLWATCHER Please advise what can we do to stop them ..
>>>
>>> Regards
>>> Saad
>>>
>>> On Mon, Jun 4, 2012 at 3:29 PM, Tony Graziano <
>>> [email protected]> wrote:
>>>
>>>> This usually means your log level is above notice.
>>>> On Jun 4, 2012 3:21 PM, "Saad" <[email protected]> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> We are seeing tons of the following SIP messages in our sipXproxy logs
>>>>> and want to stop them as it seems to affect the system functionality (
>>>>> call
>>>>> dropping, call setup .. etc) .. We are on 4.4 with all yum update in place
>>>>>
>>>>> Regards
>>>>> Saad
>>>>>
>>>>> Time: 2012-06-04T14:08:23.824000Z
>>>>> Frame: 8196 sipxopenfire.xml:13583949
>>>>> Source: sipx.OurWebSite.ca-sipxcallwatcher
>>>>> Dest: XXX.XXX.XXX.XXX:5060
>>>>>
>>>>> SUBSCRIBE sip:[email protected];transport=tcp
>>>>> SIP/2.0
>>>>> Call-ID: [email protected]
>>>>> CSeq: 1 SUBSCRIBE
>>>>> From: "Call Watcher" <sip:[email protected]
>>>>> >;tag=2552775716380074323
>>>>> To: <sip:[email protected]>
>>>>> Via: SIP/2.0/TCP
>>>>> XXX.XXX.XXX.XXX:5064;branch=z9hG4bK6c19d3e529767eede46f2f49b58e5313333436
>>>>> Max-Forwards: 70
>>>>> Contact: "~~id~xmpprlsclient" <sip:[email protected]
>>>>> :5064;transport=tcp>
>>>>> Expires: 3600
>>>>> Supported: eventlist
>>>>> Event: dialog
>>>>> Accept:
>>>>> application/dialog-info+xml,application/rlmi+xml,multipart/related
>>>>> Content-Length: 0
>>>>>
>>>>> Time: 2012-06-04T14:08:23.826000Z
>>>>> Frame: 8197 sipxopenfire.xml:13583953
>>>>> Source: XXX.XXX.XXX.XXX:5060
>>>>> Dest: sipx.OurWebSite.ca-sipxcallwatcher
>>>>>
>>>>> SIP/2.0 401 Unauthorized
>>>>> Record-Route:
>>>>> <sip:XXX.XXX.XXX.XXX:5060;lr;sipXecs-rs=%2Aauth%7E.%2Afrom%7EMjU1Mjc3NTcxNjM4MDA3NDMyMw%60%60%211a6c198a8da42d373f317744904bd514;x-sipX-done>
>>>>> From: "Call Watcher" <sip:[email protected]
>>>>> >;tag=2552775716380074323
>>>>> To: <sip:[email protected]>;tag=jRUlFy
>>>>> Call-ID: [email protected]
>>>>> CSeq: 1 SUBSCRIBE
>>>>> Via: SIP/2.0/TCP
>>>>> XXX.XXX.XXX.XXX:5064;branch=z9hG4bK6c19d3e529767eede46f2f49b58e5313333436
>>>>> WWW-Authenticate: Digest
>>>>> realm="OurWebSite.ca",nonce="1b54c24de07e1e1aab6707aed43862a74fccc157",qop="auth"
>>>>> Contact: <sip:[email protected]
>>>>> :5140;transport=udp>
>>>>> Date: Mon, 04 Jun 2012 14:08:23 GMT
>>>>> Allow: INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,SUBSCRIBE,MESSAGE
>>>>> User-Agent: sipXecs/4.4.0 sipXecs/rls (Linux)
>>>>> Accept-Language: en
>>>>> Require: eventlist
>>>>> Content-Length: 0
>>>>>
>>>>> Time: 2012-06-04T14:08:23.835000Z
>>>>> Frame: 8198 sipxopenfire.xml:13583964
>>>>> Source: sipx.OurWebSite.ca-sipxcallwatcher
>>>>> Dest: XXX.XXX.XXX.XXX:5060
>>>>>
>>>>> SUBSCRIBE
>>>>> sip:[email protected]:5060;transport=tcp;maddr=XXX.XXX.XXX.XXX
>>>>> SIP/2.0
>>>>> Call-ID: [email protected]
>>>>> CSeq: 2 SUBSCRIBE
>>>>> From: "Call Watcher" <sip:[email protected]
>>>>> >;tag=2552775716380074323
>>>>> To: <sip:[email protected]>
>>>>> Via: SIP/2.0/TCP
>>>>> XXX.XXX.XXX.XXX:5064;branch=z9hG4bK684c38fb925b05e25fe241b0621052ca333436
>>>>> Max-Forwards: 70
>>>>> Contact: "~~id~xmpprlsclient" <sip:[email protected]
>>>>> :5064;transport=tcp>
>>>>> Expires: 3600
>>>>> Supported: eventlist
>>>>> Event: dialog
>>>>> Accept:
>>>>> application/dialog-info+xml,application/rlmi+xml,multipart/related
>>>>> Authorization: Digest
>>>>> username="~~id~xmpprlsclient",realm="OurWebSite.ca",nonce="1b54c24de07e1e1aab6707aed43862a74fccc157",uri="sip:[email protected]
>>>>> :5060;transport=tcp;maddr=XXX.XXX.XXX.XXX",response="2f9eea00ca19aee0b0795ecf532084dd",qop=auth,cnonce="xyz",nc=00000001
>>>>> Content-Length: 0
>>>>>
>>>>> Time: 2012-06-04T14:08:25.346000Z
>>>>> Frame: 8199 sipxopenfire.xml:13583971
>>>>> Source: XXX.XXX.XXX.XXX:5060
>>>>> Dest: sipx.OurWebSite.ca-sipxcallwatcher
>>>>>
>>>>> SIP/2.0 404 Not Found
>>>>> Record-Route:
>>>>> <sip:XXX.XXX.XXX.XXX:5060;lr;sipXecs-rs=%2Aauth%7E.%2Afrom%7EMjU1Mjc3NTcxNjM4MDA3NDMyMw%60%60%211a6c198a8da42d373f317744904bd514;x-sipX-done>
>>>>> From: "Call Watcher" <sip:[email protected]
>>>>> >;tag=2552775716380074323
>>>>> To: <sip:[email protected]>;tag=_TnbtR
>>>>> Call-ID: [email protected]
>>>>> CSeq: 2 SUBSCRIBE
>>>>> Via: SIP/2.0/TCP
>>>>> XXX.XXX.XXX.XXX:5064;branch=z9hG4bK684c38fb925b05e25fe241b0621052ca333436
>>>>> Expires: 3536
>>>>> Contact: <sip:[email protected]
>>>>> :5140;transport=udp>
>>>>> Date: Mon, 04 Jun 2012 14:08:25 GMT
>>>>> Allow: INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,SUBSCRIBE,MESSAGE
>>>>> User-Agent: sipXecs/4.4.0 sipXecs/rls (Linux)
>>>>> Accept-Language: en
>>>>> Require: eventlist
>>>>> Content-Length: 0
>>>>>
>>>>> _______________________________________________
>>>>> sipx-users mailing list
>>>>> [email protected]
>>>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>>>>
>>>>
>>>> LAN/Telephony/Security and Control Systems Helpdesk:
>>>> Telephone: 434.984.8426
>>>> sip: [email protected].**net<[email protected]>
>>>>
>>>> Helpdesk Customers:
>>>> http://myhelp.myitdepartment.**net<http://myhelp.myitdepartment.net>
>>>> Blog: http://blog.myitdepartment.net
>>>>
>>>> _______________________________________________
>>>> sipx-users mailing list
>>>> [email protected]
>>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>>>
>>>
>>> _______________________________________________
>>> sipx-users mailing list
>>> [email protected]
>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>>
>>
>> --
>> Michael Picher, Director of Technical Services
>> eZuce, Inc.
>>
>> 300 Brickstone Square****
>>
>> Suite 201****
>>
>> Andover, MA. 01810
>> O.978-296-1005 X2015
>> M.207-956-0262
>> @mpicher <http://twitter.com/mpicher>
>> linkedin <http://www.linkedin.com/profile/view?id=35504760&trk=tab_pro>
>> www.ezuce.com
>>
>> ------------------------------------------------------------------------------------------------------------
>> There are 10 kinds of people in the world, those who understand binary
>> and those who don't.
>>
>> _______________________________________________
>> sipx-users mailing list
>> [email protected]
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>
>
> _______________________________________________
> sipx-users mailing list
> [email protected]
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>

--
Michael Picher, Director of Technical Services
eZuce, Inc.

300 Brickstone Square****
Suite 201****
Andover, MA. 01810
O.978-296-1005 X2015
M.207-956-0262
@mpicher <http://twitter.com/mpicher>
linkedin <http://www.linkedin.com/profile/view?id=35504760&trk=tab_pro>
www.ezuce.com

------------------------------------------------------------------------------------------------------------
There are 10 kinds of people in the world, those who understand binary
and those who don't.

_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
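
Added example, not part of the original thread and not sipXecs code: one way to see where SUBSCRIBE / 401 / 404 traffic comes from is to tally a saved trace by its Source field, charging each rejection to whoever sent the request with the same Call-ID. The frame layout (Time/Frame/Source/Dest, blank line, SIP message) is the one quoted in the thread; the sample frames, host names, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the frame layout quoted in the thread. Host names and
# addresses are placeholders (192.0.2.0/24 and 198.51.100.0/24 are doc ranges).
WATCHER, PROXY = "pbx.example.test-sipxcallwatcher", "192.0.2.10:5060"
PHONE = "198.51.100.7:5060"
REQ = "SUBSCRIBE sip:list@example.test;transport=tcp SIP/2.0"

def frame(src, dst, start, call_id):
    return (f"Time: 2012-06-04T14:08:23.824000Z\nFrame: 1 trace.xml:1\n"
            f"Source: {src}\nDest: {dst}\n\n{start}\nCall-ID: {call_id}\n"
            f"CSeq: 1 SUBSCRIBE\nContent-Length: 0\n\n")

SAMPLE = "".join([
    frame(WATCHER, PROXY, REQ, "a1@example.test"),
    frame(PROXY, WATCHER, "SIP/2.0 401 Unauthorized", "a1@example.test"),
    frame(WATCHER, PROXY, REQ, "a1@example.test"),
    frame(PROXY, WATCHER, "SIP/2.0 404 Not Found", "a1@example.test"),
    frame(PHONE, PROXY, "REGISTER sip:example.test SIP/2.0", "b2@example.test"),
    frame(PROXY, PHONE, "SIP/2.0 200 OK", "b2@example.test"),
])

def parse_frames(text):
    """Split a trace dump into frames: Source, Dest, SIP start line, Call-ID."""
    frames = []
    for chunk in filter(str.strip, re.split(r"(?m)^(?=Time: )", text)):
        meta, _, sip = chunk.partition("\n\n")
        hdr = dict(l.split(": ", 1) for l in meta.splitlines() if ": " in l)
        lines = [l for l in sip.splitlines() if l.strip()]
        cid = next((l.split(":", 1)[1].strip() for l in lines
                    if l.lower().startswith("call-id:")), None)
        frames.append({"source": hdr.get("Source"), "dest": hdr.get("Dest"),
                       "start": lines[0] if lines else "", "call_id": cid})
    return frames

def rejections_by_requester(frames, statuses=("401", "404")):
    """Count rejected responses per original requester (matched on Call-ID)."""
    origin, counts = {}, Counter()
    for f in frames:
        m = re.match(r"SIP/2\.0 (\d{3})", f["start"])
        if m is None:                     # a request: remember who sent it
            origin.setdefault(f["call_id"], f["source"])
        elif m.group(1) in statuses:      # a rejection: charge the requester
            counts[(origin.get(f["call_id"], f["dest"]), m.group(1))] += 1
    return counts
```

To use it on real data, pass the text of a saved trace to parse_frames in place of SAMPLE and sort the resulting counter with most_common().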
