Hello,
There is a log in our CDR report that shows congestion from callerID “100” and “1000”. These are not valid extensions. What does this mean? I see multiple entries of these logs.
Usually it means that you are under attack. Have you disabled anonymous and guest sip calls?
It’s definitely an attack. I second what Dicko says, and if you need some help feel free to PM me.
We have Allow SIP Guests as Yes but we have “Allow Anonymous Inbound SIP Calls” as No. Our understanding is that we will see the attempt in our log (because we allow SIP Guests) but the attacker won’t really be able to get in because we do not allow anonymous inbound SIP calls?
You should probably never allow SIP guests unless you have a good reason to, by doing so you leak information to those that would attack you later.
Is it possible we may be blocking some calls if we set “Allow SIP Guests” as No?
Well, only guest calls, do you have any guests you want to give access to? (Guests are basically attempted connections that are not associated with a legitimate extension/endpoint)
We don’t really know who are the “guest” are. Are calls coming from our sip trunk that goes into our queues considered as guest?
Are you still “allowing guest” connections?
Yes. We have not changed it. We need to make sure that if we don’t allow guest, we won’t miss a valid call. That is the main concern.
Then expect the same problems to continue, if you allow them then they can sniff your SIP stack. If you know your endpoints, then define them and they are no longer “guests”.
You clearly do not understand who “guest” calls are.
You can’t “miss” a guest call - they are squatters on your server, using your resources for free and launching attacks on other people’s server. There is no downside for a neophyte to disallow guest logins.
As always, you can do whatever you want, but when this turns into a $15,000 phone bill, don’t come crying back here asking for help again.
A feature request: whenever anyone allows “guest” logins to their server, they should have to pay the forum $5 so that when they come here wonder why they have a $15,000 phone bill or their server is so busy none of their legitimate users can use it, we can at least get a nice Christmas present at the end of they year.
To cynjut, I did mentioned earlier that we do not really know who are the guests. Before we make changes on our end, we need to understand what is considered as a guest call and not a guest call. I am posting here to get some help. Your post isn’t very helpful at all.
I don’t know how to express is better . . .
Did you disabled the feature and had problems with receiving calls?
If you have set up your pbx properly then disabling this feature will not break anything.
Disabling it and debugging the problems is better from waiting the bill with calls to South Africa.