It means port 5060 is open (I.e. for remote users). Callers need to authenticate in order to make calls.
These are from scripts probing weak security. If the system was compromised the status would not be failed. This is mostly preventable at your firewall by closing 5060 if you don't support remote users or using cps or country blocks for your firewall as well as other methods to keep uninvited guests out. This has been discussed many times on the list. On Oct 28, 2012 11:59 AM, "Joe Conway" <[email protected]> wrote: > While looking through my CDR history I noticed the following two records > from yesterday afternoon. > > From To Start > ------- --------------- ---------------- > 5550000 011972599537676 10/27/12 3:17 PM > > Duration Status > -------- ------ > 00:00:00 Failed > > From To Start > ------- --------------- ---------------- > 5550000 9011972599537676 10/27/12 3:18 PM > Duration Status > -------- ------ > 00:00:00 Failed > > Is it safe to assume from those records that my system has been > compromised (I know that no legitimate calls were attempted in that time > frame, let alone international ones)? > > Does the "From 5550000" provide any clue as to how the system was > compromised? > > FWIW, I am running a very old version: > 4.2.1-018971.21.0 2011-05-24T20:34:29 snowbird.hubler.us > Would upgrading plug some known hole that might be getting exploited here? > > Thanks for any insights. > > Joe > > > -- > Joe Conway > credativ LLC: http://www.credativ.us > Linux, PostgreSQL, and general Open Source > Training, Service, Consulting, & 24x7 Support > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Helpdesk Customers: http://myhelp.myitdepartment.net Blog: http://blog.myitdepartment.net
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
