Debug src ip ", "Received incoming SIP connection from unknown peer to 123") in new stack"

drvirus · April 11, 2019, 6:27pm

Hey Folks ,
im checking logs on my asterisk and we are seeing two kind of hacking trials .

once as :
[2019-04-11 04:47:05] VERBOSE[7213][C-0000017a] pbx.c: Executing [s@from-sip-external:6] Log(“SIP/12.13.130.226-0000017a”, "WARNING,“Rejecting unknown SIP connection from 185.53.88.164"”) in new stack

and one as :

[2019-04-11 05:06:41] VERBOSE[9474][C-000001fb] pbx.c: Executing [123@from-sip-external:1] NoOp(“SIP/12.13.130.226-000001fb”, “Received incoming SIP connection from unknown peer to 123”) in new stack

note the 1st one we can know the src ip of attacker . 185.53.88.164

but the 2nd log we have see “unknown peer” " no attacker ip "

how can i debug the src ip of attacker so that in all cases we debug and see src ip who is sending calls to the server ?

Thanks

dicko · April 11, 2019, 8:38pm

Checkout

sngrep

it will see traffic even before it hits asterisk

drvirus · April 13, 2019, 10:25am

i dont understand .

why some calls come with src ip and other calls without src ip ?!!

i think this option comes from freepbx not asterisk .

do you think we can tune freepbx to display that src ip in logs ?

system · April 20, 2019, 10:25am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.