Re: [sipx-users] Registrations dropping

[Steve Beaudry]

Hi Laurie,

   I have to agree with Tony here.  I've had exactly the same issue you 
describe at two different installations, and in every case it turned out to be 
sip packets from the Internet, making connections to the SipXecs server, and 
running it out of resources.  I can't say if the packets were an intentional 
DOS, or just an unintended side effect of random probing.  Nonetheless, the 
effect was the same.

   In all cases, blocking port 5060 from the public network was an immediate 
and effective solution.

   If blocking port 5060 outright is not an option, because you need to allow 
outside SIP connections, I have developed a script that might help.  The script 
monitors the log file of successful logins to the web interface, and manages 
iptables firewall rules on the SipX host itself, to only allow connections from 
IP addresses that have successfully authenticated.  We simply tell users that 
if they wish to connect remotely, they first need to login to their voice 
mailbox from whatever IP address they wish to connect from.  This works equally 
well for home users with a laptop and SIP phone behind a NAT gateway, and from 
mobile clients like Bria on the iPhone.

    I'm perfectly willing to share the script, with two forewarnings..

   1) I'd consider it a 'proof of concept', which should be modified for your 
own environment.  It works in the two installations that I've set it up in.

   2) It has no provisions for a high-availability setup.  It wouldn't be too 
hard to setup, but I haven't done so.

I'd considered shooting the script back to the community in the last, but 
putting other fires out has prevented me from taking the time to document it as 
much as I think it should be if anyone were planning to use/include it.

If you'd like to see a copy of it, lemme know, and I can send it your way.

Cheers,

...Steve...

Stephen Beaudry, Manager
Server, Network and Telecom Infrastructures Royal Roads University
T 250.391.2600 ext. 4149<tel:250.391.2600%20ext.%204149>
2005 Sooke Road, Victoria, BC  Canada  V9B 5Y2<x-apple-data-detectors://0/1> 
royalroads.ca<http://royalroads.ca/>

LIFE.CHANGING


On 2012-09-17, at 6:48 AM, "Tony Graziano" 
<tgrazi...@myitdepartment.net<mailto:tgrazi...@myitdepartment.net>> wrote:


Sounds like you are being bothered from the outside.

/var/log/sipxpbx

Is where logs are.

--
~~~~~~~~~~~~~~~~~~
Tony Graziano, Manager
Telephone: 434.984.8430
sip: 
tgrazi...@voice.myitdepartment.net<mailto:tgrazi...@voice.myitdepartment.net>
Fax: 434.465.6833
~~~~~~~~~~~~~~~~~~
Linked-In Profile:
http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
Ask about our Internet Fax services!
~~~~~~~~~~~~~~~~~~

Using or developing for sipXecs from SIPFoundry? Ask me about sipX-CoLab 2013!

On Sep 17, 2012 9:23 AM, "IT Manager" 
<it.mana...@maf-uganda.org<mailto:it.mana...@maf-uganda.org>> wrote:
Where would I find the proxy and registrar logs – I can’t find them in the web 
interface?
And now you mention it – I do occasionally get lots of emails about there not 
being enough ports or something for media. Hopefully, disabling the internet 
connection will stop any trouble.
So now – should I run the yum update to update everything?
Laurie

From: 
sipx-users-boun...@list.sipfoundry.org<mailto:sipx-users-boun...@list.sipfoundry.org>
 
[mailto:sipx-users-boun...@list.sipfoundry.org<mailto:sipx-users-boun...@list.sipfoundry.org>]
 On Behalf Of Tony Graziano
Sent: 17 September 2012 12:10
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] Registrations dropping


Check the proxy and registrar logs. Also check CPU and ram/swap. The logs may 
show a lot of call or registration attempts. If the phone are not registering 
via the internet close off port 5060.

--
~~~~~~~~~~~~~~~~~~
Tony Graziano, Manager
Telephone: 434.984.8430
sip: 
tgrazi...@voice.myitdepartment.net<mailto:tgrazi...@voice.myitdepartment.net>
Fax: 434.465.6833
~~~~~~~~~~~~~~~~~~
Linked-In Profile:
http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
Ask about our Internet Fax services!
~~~~~~~~~~~~~~~~~~

Using or developing for sipXecs from SIPFoundry? Ask me about sipX-CoLab 2013!
On Sep 17, 2012 2:41 AM, "IT Manager" 
<it.mana...@maf-uganda.org<mailto:it.mana...@maf-uganda.org>> wrote:
Dear all,
I think I have emailed on this before, but I am still struggling with it:
Regularly (read – most mornings) – I will come into the office and all my 
phones have lost their registrations with the server – going to the server’s 
page and restarting all the services (which incidentally all claim to be 
running) fixes the problem and the registrations are ok (until the next time).
Here is my configuration setup:

•         SipXecs 4.4.0 (no yum updates as this seemed to make it lose 
registrations much more frequently)

•         Running as VM (still testing…:() on ESXi free – the host is not 
particularly busy (especially overnight which is when it has it’s issues)

•         Grandstream phones GXP2000 (yes- I know they are crap phones…so don’t 
berate me on them – but they do work fine when they are allowed to register)

•         Firewall 5060 opened to the internet along with the other higher 
ports – could it be falling over due to hacking?

Can anyone help? I cannot install this company wide if it is going to be doing 
this and I know that it works reliably elsewhere in the world…

Thanks,
Laurie

<image001.png>
Laurie Nason
IT Manager
Mission Aviation Fellowship - Uganda
T +256 41 4267462   F +256 41 4267433
PO Box 1, Kampala, Uganda

Mission Aviation Fellowship International.  A company Limited by guarantee, 
registered in England & Wales
Registered Charity Number: 1058226.  Registered Company Number: 3144199.
Registered Office: Operations Centre, Henwood, Ashford, Kent TN24 8DH
<image002.png>www.maf-uganda.org<http://www.maf-uganda.org>


_______________________________________________
sipx-users mailing list
sipx-users@list.sipfoundry.org<mailto:sipx-users@list.sipfoundry.org>
List Archive: http://list.sipfoundry.org/archive/sipx-users/

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net<mailto:helpd...@voice.myitdepartment.net>

Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net

--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and is
believed to be clean.

_______________________________________________
sipx-users mailing list
sipx-users@list.sipfoundry.org<mailto:sipx-users@list.sipfoundry.org>
List Archive: http://list.sipfoundry.org/archive/sipx-users/

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net<mailto:helpd...@voice.myitdepartment.net>

Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net
_______________________________________________
sipx-users mailing list
sipx-users@list.sipfoundry.org<mailto:sipx-users@list.sipfoundry.org>
List Archive: http://list.sipfoundry.org/archive/sipx-users/

<<inline: image001.png>>

<<inline: image002.png>>

_______________________________________________
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/