Thanks all - that seems to have fixed the issue - so now no internet
access until everything inside our network is happy! And then probably
only vpn connections allowed after that!

Laurie

 

From: [email protected]
[mailto:[email protected]] On Behalf Of Steve
Beaudry
Sent: 18 September 2012 01:50
To: Discussion list for users of sipXecs software
Cc: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] Registrations dropping

 

Ahhh.  We (and the script) do not allow SIP calls from anything other
than our users' SIP endpoints..  It is a closed SIP system, with all
'public' calling happening via PSTN gateway.

 

The script is a mid-way point between 'allow everything' and 'allow
nothing'.

 

...Steve...




On 2012-09-17, at 3:43 PM, "Tony Graziano"
<[email protected]> wrote:

        Then how does your script discern a real sip call from a foreign
system? It must not be allowed since there is no phone registered. 

        -- 
        ~~~~~~~~~~~~~~~~~~
        Tony Graziano, Manager
        Telephone: 434.984.8430
        sip: [email protected]
        Fax: 434.465.6833
        ~~~~~~~~~~~~~~~~~~
        Linked-In Profile:
        http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
        Ask about our Internet Fax services!
        ~~~~~~~~~~~~~~~~~~

        Using or developing for sipXecs from SIPFoundry? Ask me about
sipX-CoLab 2013!

        On Sep 17, 2012 5:19 PM, "Steve Beaudry"
<[email protected]> wrote:

        Tony,  I must now disagree.  The script serves to block both
registration attempts and blod call attempts.  

         

           Essentially, there is a 'block all access from outside IPs'
rule, and the script adds exceptions for those who have successfully
logged in (on port 80/8443, which has a permanent exception).

         

           ALL sip traffic is blocked/discarded unless it's from a known
IP.

         

           You are correct, however, that the typical attempts we see
are simply 'blind call attempts', not registation attempts.

         

        Respectfully,

         

        ...Steve...
        
        

        
        On 2012-09-17, at 2:13 PM, "Tony Graziano"
<[email protected]> wrote:

                The registrations could be because of bogus registration
attempts. BUT if these are call attempts (not registrations) against the
proxy, they will effectively use resources if the attempts are
consistent enough in volume to effectively eat the resources away until
the registrar can't process registrations. 

                 

                1. look at your CDR's for the day of and day before to
see if there are bogus call attempt.

                2. Inspect your logs (sipXproxy.log and
sipregistrar.log)

                3. Consider some measures by means of firewall rules to
rate limit your connections per second, etc.

                4. Steve's script might help IF the attempts are to
register, but if it is simply probing your server to send calls through
it without registering, it will not help.

                On Mon, Sep 17, 2012 at 4:06 PM, Steve Beaudry
<[email protected]> wrote:

                Hi Laurie,

                 

                   I have to agree with Tony here.  I've had exactly the
same issue you describe at two different installations, and in every
case it turned out to be sip packets from the Internet, making
connections to the SipXecs server, and running it out of resources.  I
can't say if the packets were an intentional DOS, or just an unintended
side effect of random probing.  Nonetheless, the effect was the same.

                 

                   In all cases, blocking port 5060 from the public
network was an immediate and effective solution.

                 

                   If blocking port 5060 outright is not an option,
because you need to allow outside SIP connections, I have developed a
script that might help.  The script monitors the log file of successful
logins to the web interface, and manages iptables firewall rules on the
SipX host itself, to only allow connections from IP addresses that have
successfully authenticated.  We simply tell users that if they wish to
connect remotely, they first need to login to their voice mailbox from
whatever IP address they wish to connect from.  This works equally well
for home users with a laptop and SIP phone behind a NAT gateway, and
from mobile clients like Bria on the iPhone.

                 

                    I'm perfectly willing to share the script, with two
forewarnings..  

                 

                   1) I'd consider it a 'proof of concept', which should
be modified for your own environment.  It works in the two installations
that I've set it up in.  

                 

                   2) It has no provisions for a high-availability
setup.  It wouldn't be too hard to setup, but I haven't done so.

                 

                I'd considered shooting the script back to the community
in the last, but putting other fires out has prevented me from taking
the time to document it as much as I think it should be if anyone were
planning to use/include it.

                 

                If you'd like to see a copy of it, lemme know, and I can
send it your way.

                 

                Cheers,

                 

                ...Steve...

                 

                Stephen Beaudry, Manager

                Server, Network and Telecom Infrastructures Royal Roads
University

                T 250.391.2600 ext. 4149
<tel:250.391.2600%20ext.%204149> 

                2005 Sooke Road, Victoria, BC  Canada  V9B 5Y2
royalroads.ca <http://royalroads.ca/> 

                 

                LIFE.CHANGING

                 

                
                On 2012-09-17, at 6:48 AM, "Tony Graziano"
<[email protected]> wrote:

                        Sounds like you are being bothered from the
outside.

                        /var/log/sipxpbx 

                        Is where logs are.

                        -- 
                        ~~~~~~~~~~~~~~~~~~
                        Tony Graziano, Manager
                        Telephone: 434.984.8430
                        sip: [email protected]
                        Fax: 434.465.6833
                        ~~~~~~~~~~~~~~~~~~
                        Linked-In Profile:
        
http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
                        Ask about our Internet Fax services!
                        ~~~~~~~~~~~~~~~~~~

                        Using or developing for sipXecs from SIPFoundry?
Ask me about sipX-CoLab 2013!

                        On Sep 17, 2012 9:23 AM, "IT Manager"
<[email protected]> wrote:

                                Where would I find the proxy and
registrar logs - I can't find them in the web interface?

                                And now you mention it - I do
occasionally get lots of emails about there not being enough ports or
something for media. Hopefully, disabling the internet connection will
stop any trouble.

                                So now - should I run the yum update to
update everything?

                                Laurie

                                 

                                From:
[email protected]
[mailto:[email protected]] On Behalf Of Tony
Graziano
                                Sent: 17 September 2012 12:10
                                To: Discussion list for users of sipXecs
software
                                Subject: Re: [sipx-users] Registrations
dropping

                                 

                                Check the proxy and registrar logs. Also
check CPU and ram/swap. The logs may show a lot of call or registration
attempts. If the phone are not registering via the internet close off
port 5060.

                                -- 
                                ~~~~~~~~~~~~~~~~~~
                                Tony Graziano, Manager
                                Telephone: 434.984.8430
                                sip: [email protected]
                                Fax: 434.465.6833
                                ~~~~~~~~~~~~~~~~~~
                                Linked-In Profile:
        
http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
                                Ask about our Internet Fax services!
                                ~~~~~~~~~~~~~~~~~~

                                Using or developing for sipXecs from
SIPFoundry? Ask me about sipX-CoLab 2013!

                                On Sep 17, 2012 2:41 AM, "IT Manager"
<[email protected]> wrote:

                                Dear all,

                                I think I have emailed on this before,
but I am still struggling with it:

                                Regularly (read - most mornings) - I
will come into the office and all my phones have lost their
registrations with the server - going to the server's page and
restarting all the services (which incidentally all claim to be running)
fixes the problem and the registrations are ok (until the next time).

                                Here is my configuration setup:

                                *         SipXecs 4.4.0 (no yum updates
as this seemed to make it lose registrations much more frequently)

                                *         Running as VM (still
testing...L) on ESXi free - the host is not particularly busy
(especially overnight which is when it has it's issues)

                                *         Grandstream phones GXP2000
(yes- I know they are crap phones...so don't berate me on them - but
they do work fine when they are allowed to register)

                                *         Firewall 5060 opened to the
internet along with the other higher ports - could it be falling over
due to hacking?

                                 

                                Can anyone help? I cannot install this
company wide if it is going to be doing this and I know that it works
reliably elsewhere in the world...

                                 

                                Thanks,

                                Laurie

                                 

                                <image001.png>

                                Laurie Nason

                                IT Manager

                                Mission Aviation Fellowship - Uganda


                                T +256 41 4267462   F +256 41 4267433

                                PO Box 1, Kampala, Uganda

                                 

                                Mission Aviation Fellowship
International.  A company Limited by guarantee, registered in England &
Wales

                                Registered Charity Number: 1058226.
Registered Company Number: 3144199. 

                                Registered Office: Operations Centre,
Henwood, Ashford, Kent TN24 8DH

                                <image002.png>www.maf-uganda.org

                                 

                                
        
_______________________________________________
                                sipx-users mailing list
                                [email protected]
                                List Archive:
http://list.sipfoundry.org/archive/sipx-users/

                                 

                                LAN/Telephony/Security and Control
Systems Helpdesk:

                                Telephone: 434.984.8426

                                sip: [email protected]

                                 

                                Helpdesk Customers:
http://myhelp.myitdepartment.net

                                Blog: http://blog.myitdepartment.net

                                
                                -- 
                                This message has been scanned for
viruses and 
                                dangerous content by MailScanner
<http://www.mailscanner.info/> , and is 
                                believed to be clean. 

                                
        
_______________________________________________
                                sipx-users mailing list
                                [email protected]
                                List Archive:
http://list.sipfoundry.org/archive/sipx-users/

                         

                        LAN/Telephony/Security and Control Systems
Helpdesk:

                        Telephone: 434.984.8426

                        sip: [email protected]

                         

                        Helpdesk Customers:
http://myhelp.myitdepartment.net

                        Blog: http://blog.myitdepartment.net

                        _______________________________________________
                        sipx-users mailing list
                        [email protected]
                        List Archive:
http://list.sipfoundry.org/archive/sipx-users/

                
                _______________________________________________
                sipx-users mailing list
                [email protected]
                List Archive:
http://list.sipfoundry.org/archive/sipx-users/

                
                
                

                 

                -- 
                ~~~~~~~~~~~~~~~~~~
                Tony Graziano, Manager
                Telephone: 434.984.8430
                sip: [email protected]
                Fax: 434.465.6833
                ~~~~~~~~~~~~~~~~~~
                Linked-In Profile:
                http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
                Ask about our Internet Fax services!
                ~~~~~~~~~~~~~~~~~~ 

                 

                Using or developing for sipXecs from SIPFoundry? Ask me
about sipX-CoLab 2013!
        
<http://sipxcolab2013.eventbrite.com/?discount=tony2013> 

                 

                 

                LAN/Telephony/Security and Control Systems Helpdesk:

                Telephone: 434.984.8426

                sip: [email protected]

                 

                Helpdesk Customers: http://myhelp.myitdepartment.net

                Blog: http://blog.myitdepartment.net

                _______________________________________________
                sipx-users mailing list
                [email protected]
                List Archive:
http://list.sipfoundry.org/archive/sipx-users/

        
        _______________________________________________
        sipx-users mailing list
        [email protected]
        List Archive: http://list.sipfoundry.org/archive/sipx-users/

         

        LAN/Telephony/Security and Control Systems Helpdesk:

        Telephone: 434.984.8426

        sip: [email protected]

         

        Helpdesk Customers: http://myhelp.myitdepartment.net

        Blog: http://blog.myitdepartment.net

        _______________________________________________
        sipx-users mailing list
        [email protected]
        List Archive: http://list.sipfoundry.org/archive/sipx-users/


-- 
This message has been scanned for viruses and 
dangerous content by MailScanner <http://www.mailscanner.info/> , and is

believed to be clean. 

_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Reply via email to