I am receiveing a lot of incomming Sip connections from outside. Fur business purposes my system is on a public network. I tried to secured as much as I could but really I ma not an expert. I beleive failban has contented them so far but I am not really sure. Please see
– Executing [011972592581502@from-sip-external:1] NoOp(“SIP/38.105.99.4-0000006d”, “Received incoming SIP connection from unknown peer to 011972592581502”) in new stack
– Executing [011972592581502@from-sip-external:2] Set(“SIP/XX.XX.XX.X-0000006d”, “DID=011972592581502”) in new stack
– Executing [011972592581502@from-sip-external:3] Goto(“SIP/XX.XX.XX.X-0000006d”, “s,1”) in new stack
– Goto (from-sip-external,s,1)
– Executing [s@from-sip-external:1] GotoIf(“SIP/XX.XX.XX.X-0000006d”, “0?checklang:noanonymous”) in new stack
– Goto (from-sip-external,s,5)
– Executing [s@from-sip-external:5] Set(“SIP/XX.XX.XX.X-0000006d”, “TIMEOUT(absolute)=15”) in new stack
Channel will hangup at 2014-05-15 15:23:04.119 EDT.
– Executing [s@from-sip-external:6] Log(“SIP/XX.XX.XX.X-0000006d”, "WARNING,“Rejecting unknown SIP connection from 208.69.231.210"”) in new stack
[2014-05-15 15:22:49] WARNING[34631]: Ext. s:6 @ from-sip-external: “Rejecting unknown SIP connection from 208.69.231.210”
– Executing [s@from-sip-external:7] Answer(“SIP/XX.XX.XX.X-0000006d”, “”) in new stack
== Spawn extension (from-sip-external, s, 7) exited non-zero on ‘SIP/XX.XX.XX.X-0000006d’
– Executing [h@from-sip-external:1] Hangup(“SIP/XX.XX.XX.X-0000006d”, “”) in new stack
== Spawn extension (from-sip-external, h, 1) exited non-zero on ‘SIP/XX.XX.XX.X-0000006d’
Also looking at the CDR reports I can see the connections intents.
Call Detail Record
2014-05-15 15:22:49 1400181769.392 0123456 Answer s [from-sip-external] ANSWERED 00:00
2014-05-15 15:21:33 1400181693.391 UNKNOWN Hangup s [app-blacklist-check] ANSWERED 00:08
2014-05-15 15:14:44 1400181284.390 9000 Answer s [from-sip-external] ANSWERED 00:01
I would like to know if they have alreay compromised my system. I would take it out from the Public IP asap. I will look for help from an expert but for now I would like to know if there has been any theft.
Thanks !!!