Help abnormal traffic [SOLVED]


Normally I keep my armored PBX …

But to test connections from the public side via dynamic IP, I opened port 5060 and ports 10000 to 20000, both TCP and UDP.

Keep in mind that I implemented fail2ban.

Looking at the log, I'm not sure how, but it seems that they can do something …

Here is the excerpt of the log. If someone can give me an idea of how to defend myself from this, that would be great, thanks.

[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx.c: Executing [333301133972541489@from-sip-external:1] NoOp(“SIP/62.94.218.226-00000d31”, “Received incoming SIP connection from unknown peer to 333301133972541489”) in new stack
[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx.c: Executing [333301133972541489@from-sip-external:2] Set(“SIP/62.94.218.226-00000d31”, “DID=333301133972541489”) in new stack
[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx.c: Executing [333301133972541489@from-sip-external:3] Goto(“SIP/62.94.218.226-00000d31”, “s,1”) in new stack
[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx_builtins.c: Goto (from-sip-external,s,1)
[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx.c: Executing [s@from-sip-external:1] GotoIf(“SIP/62.94.218.226-00000d31”, “1?setlanguage:checkanon”) in new stack
[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx_builtins.c: Goto (from-sip-external,s,2)
[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx.c: Executing [s@from-sip-external:2] Set(“SIP/62.94.218.226-00000d31”, “CHANNEL(language)=it”) in new stack
[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx.c: Executing [s@from-sip-external:3] GotoIf(“SIP/62.94.218.226-00000d31”, “1?noanonymous”) in new stack
[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx_builtins.c: Goto (from-sip-external,s,5)
[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx.c: Executing [s@from-sip-external:5] Set(“SIP/62.94.218.226-00000d31”, “TIMEOUT(absolute)=15”) in new stack
[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] func_timeout.c: Channel will hangup at 2018-02-02 06:29:02.744 CET.
[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx.c: Executing [s@from-sip-external:6] Log(“SIP/62.94.218.226-00000d31”, "WARNING,“Rejecting unknown SIP connection from 195.154.41.45"”) in new stack
[2018-02-02 06:28:47] WARNING[14945][C-00000a0e] Ext. s: “Rejecting unknown SIP connection from 195.154.41.45”
[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx.c: Executing [s@from-sip-external:7] Answer(“SIP/62.94.218.226-00000d31”, “”) in new stack
[2018-02-02 06:28:48] VERBOSE[14945][C-00000a0e] pbx.c: Executing [s@from-sip-external:8] Wait(“SIP/62.94.218.226-00000d31”, “2”) in new stack
[2018-02-02 06:28:50] VERBOSE[14945][C-00000a0e] pbx.c: Executing [s@from-sip-external:9] Playback(“SIP/62.94.218.226-00000d31”, “ss-noservice”) in new stack
[2018-02-02 06:28:50] VERBOSE[14945][C-00000a0e] file.c: <SIP/62.94.218.226-00000d31> Playing ‘ss-noservice.ulaw’ (language ‘it’)
[2018-02-02 06:28:54] VERBOSE[14945][C-00000a0e] pbx.c: Executing [s@from-sip-external:10] PlayTones(“SIP/62.94.218.226-00000d31”, “congestion”) in new stack
[2018-02-02 06:28:54] VERBOSE[14945][C-00000a0e] pbx.c: Executing [s@from-sip-external:11] Congestion(“SIP/62.94.218.226-00000d31”, “5”) in new stack
[2018-02-02 06:28:59] VERBOSE[14945][C-00000a0e] pbx.c: Spawn extension (from-sip-external, s, 11) exited non-zero on ‘SIP/62.94.218.226-00000d31’
[2018-02-02 06:28:59] VERBOSE[14945][C-00000a0e] pbx.c: Executing [h@from-sip-external:1] Hangup(“SIP/62.94.218.226-00000d31”, “”) in new stack
[2018-02-02 06:28:59] VERBOSE[14945][C-00000a0e] pbx.c: Spawn extension (from-sip-external, h, 1) exited non-zero on ‘SIP/62.94.218.226-00000d31’
[2018-02-02 06:29:19] WARNING[2239] chan_sip.c: Retransmission timeout reached on transmission bf50325b564b582f4443f9abcc8051c2 for seqno 1 (Critical Response) – See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[2018-02-02 06:33:01] VERBOSE[2239][C-00000a0f] netsock2.c: Using SIP RTP TOS bits 184
[2018-02-02 06:33:01] VERBOSE[2239][C-00000a0f] netsock2.c: Using SIP RTP CoS mark 5
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] pbx.c: Executing [444401133972541489@from-sip-external:1] NoOp(“SIP/62.94.218.226-00000d32”, “Received incoming SIP connection from unknown peer to 444401133972541489”) in new stack
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] pbx.c: Executing [444401133972541489@from-sip-external:2] Set(“SIP/62.94.218.226-00000d32”, “DID=444401133972541489”) in new stack
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] pbx.c: Executing [444401133972541489@from-sip-external:3] Goto(“SIP/62.94.218.226-00000d32”, “s,1”) in new stack
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] pbx_builtins.c: Goto (from-sip-external,s,1)
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] pbx.c: Executing [s@from-sip-external:1] GotoIf(“SIP/62.94.218.226-00000d32”, “1?setlanguage:checkanon”) in new stack
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] pbx_builtins.c: Goto (from-sip-external,s,2)
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] pbx.c: Executing [s@from-sip-external:2] Set(“SIP/62.94.218.226-00000d32”, “CHANNEL(language)=it”) in new stack
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] pbx.c: Executing [s@from-sip-external:3] GotoIf(“SIP/62.94.218.226-00000d32”, “1?noanonymous”) in new stack
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] pbx_builtins.c: Goto (from-sip-external,s,5)
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] pbx.c: Executing [s@from-sip-external:5] Set(“SIP/62.94.218.226-00000d32”, “TIMEOUT(absolute)=15”) in new stack
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] func_timeout.c: Channel will hangup at 2018-02-02 06:33:16.844 CET.
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] pbx.c: Executing [s@from-sip-external:6] Log(“SIP/62.94.218.226-00000d32”, "WARNING,“Rejecting unknown SIP connection from 195.154.41.45"”) in new stack
[2018-02-02 06:33:01] WARNING[15719][C-00000a0f] Ext. s: “Rejecting unknown SIP connection from 195.154.41.45”
[2018-02-02 06:33:01] VERBOSE[15719][C-00000a0f] pbx.c: Executing [s@from-sip-external:7] Answer(“SIP/62.94.218.226-00000d32”, “”) in new stack
[2018-02-02 06:33:02] VERBOSE[15719][C-00000a0f] pbx.c: Executing [s@from-sip-external:8] Wait(“SIP/62.94.218.226-00000d32”, “2”) in new stack
[2018-02-02 06:33:04] VERBOSE[15719][C-00000a0f] pbx.c: Executing [s@from-sip-external:9] Playback(“SIP/62.94.218.226-00000d32”, “ss-noservice”) in new stack
[2018-02-02 06:33:04] VERBOSE[15719][C-00000a0f] file.c: <SIP/62.94.218.226-00000d32> Playing ‘ss-noservice.ulaw’ (language ‘it’)
[2018-02-02 06:33:08] VERBOSE[15719][C-00000a0f] pbx.c: Executing [s@from-sip-external:10] PlayTones(“SIP/62.94.218.226-00000d32”, “congestion”) in new stack
[2018-02-02 06:33:08] VERBOSE[15719][C-00000a0f] pbx.c: Executing [s@from-sip-external:11] Congestion(“SIP/62.94.218.226-00000d32”, “5”) in new stack
[2018-02-02 06:33:13] VERBOSE[15719][C-00000a0f] pbx.c: Spawn extension (from-sip-external, s, 11) exited non-zero on ‘SIP/62.94.218.226-00000d32’
[2018-02-02 06:33:13] VERBOSE[15719][C-00000a0f] pbx.c: Executing [h@from-sip-external:1] Hangup(“SIP/62.94.218.226-00000d32”, “”) in new stack
[2018-02-02 06:33:13] VERBOSE[15719][C-00000a0f] pbx.c: Spawn extension (from-sip-external, h, 1) exited non-zero on ‘SIP/62.94.218.226-00000d32’
[2018-02-02 06:33:33] WARNING[2239] chan_sip.c: Retransmission timeout reached on transmission 5352c95d263e71cfbf6d9c25832773e5 for seqno 1 (Critical Response) – See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[2018-02-02 06:39:11] VERBOSE[2239][C-00000a10] netsock2.c: Using SIP RTP TOS bits 184
[2018-02-02 06:39:11] VERBOSE[2239][C-00000a10] netsock2.c: Using SIP RTP CoS mark 5
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] pbx.c: Executing [4000441234860088@from-sip-external:1] NoOp(“SIP/62.94.218.226-00000d33”, “Received incoming SIP connection from unknown peer to 4000441234860088”) in new stack
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] pbx.c: Executing [4000441234860088@from-sip-external:2] Set(“SIP/62.94.218.226-00000d33”, “DID=4000441234860088”) in new stack
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] pbx.c: Executing [4000441234860088@from-sip-external:3] Goto(“SIP/62.94.218.226-00000d33”, “s,1”) in new stack
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] pbx_builtins.c: Goto (from-sip-external,s,1)
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] pbx.c: Executing [s@from-sip-external:1] GotoIf(“SIP/62.94.218.226-00000d33”, “1?setlanguage:checkanon”) in new stack
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] pbx_builtins.c: Goto (from-sip-external,s,2)
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] pbx.c: Executing [s@from-sip-external:2] Set(“SIP/62.94.218.226-00000d33”, “CHANNEL(language)=it”) in new stack
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] pbx.c: Executing [s@from-sip-external:3] GotoIf(“SIP/62.94.218.226-00000d33”, “1?noanonymous”) in new stack
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] pbx_builtins.c: Goto (from-sip-external,s,5)
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] pbx.c: Executing [s@from-sip-external:5] Set(“SIP/62.94.218.226-00000d33”, “TIMEOUT(absolute)=15”) in new stack
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] func_timeout.c: Channel will hangup at 2018-02-02 06:39:26.630 CET.
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] pbx.c: Executing [s@from-sip-external:6] Log(“SIP/62.94.218.226-00000d33”, "WARNING,“Rejecting unknown SIP connection from 54.37.131.175"”) in new stack
[2018-02-02 06:39:11] WARNING[16707][C-00000a10] Ext. s: “Rejecting unknown SIP connection from 54.37.131.175”
[2018-02-02 06:39:11] VERBOSE[16707][C-00000a10] pbx.c: Executing [s@from-sip-external:7] Answer(“SIP/62.94.218.226-00000d33”, “”) in new stack
[2018-02-02 06:39:12] VERBOSE[16707][C-00000a10] pbx.c: Executing [s@from-sip-external:8] Wait(“SIP/62.94.218.226-00000d33”, “2”) in new stack
[2018-02-02 06:39:14] VERBOSE[16707][C-00000a10] pbx.c: Executing [s@from-sip-external:9] Playback(“SIP/62.94.218.226-00000d33”, “ss-noservice”) in new stack
[2018-02-02 06:39:14] VERBOSE[16707][C-00000a10] file.c: <SIP/62.94.218.226-00000d33> Playing ‘ss-noservice.ulaw’ (language ‘it’)
[2018-02-02 06:39:18] VERBOSE[16707][C-00000a10] pbx.c: Executing [s@from-sip-external:10] PlayTones(“SIP/62.94.218.226-00000d33”, “congestion”) in new stack
[2018-02-02 06:39:18] VERBOSE[16707][C-00000a10] pbx.c: Executing [s@from-sip-external:11] Congestion(“SIP/62.94.218.226-00000d33”, “5”) in new stack
[2018-02-02 06:39:23] VERBOSE[16707][C-00000a10] pbx.c: Spawn extension (from-sip-external, s, 11) exited non-zero on ‘SIP/62.94.218.226-00000d33’
[2018-02-02 06:39:23] VERBOSE[16707][C-00000a10] pbx.c: Executing [h@from-sip-external:1] Hangup(“SIP/62.94.218.226-00000d33”, “”) in new stack
[2018-02-02 06:39:23] VERBOSE[16707][C-00000a10] pbx.c: Spawn extension (from-sip-external, h, 1) exited non-zero on ‘SIP/62.94.218.226-00000d33’
[2018-02-02 06:39:43] WARNING[2239] chan_sip.c: Retransmission timeout reached on transmission 41ef21fbd9c26e5bb6de66e4f96de824 for seqno 1 (Critical Response) – See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[2018-02-02 06:45:47] VERBOSE[2239][C-00000a11] netsock2.c: Using SIP RTP TOS bits 184
[2018-02-02 06:45:47] VERBOSE[2239][C-00000a11] netsock2.c: Using SIP RTP CoS mark 5
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx.c: Executing [777701133972541489@from-sip-external:1] NoOp(“SIP/62.94.218.226-00000d34”, “Received incoming SIP connection from unknown peer to 777701133972541489”) in new stack
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx.c: Executing [777701133972541489@from-sip-external:2] Set(“SIP/62.94.218.226-00000d34”, “DID=777701133972541489”) in new stack
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx.c: Executing [777701133972541489@from-sip-external:3] Goto(“SIP/62.94.218.226-00000d34”, “s,1”) in new stack
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx_builtins.c: Goto (from-sip-external,s,1)
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx.c: Executing [s@from-sip-external:1] GotoIf(“SIP/62.94.218.226-00000d34”, “1?setlanguage:checkanon”) in new stack
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx_builtins.c: Goto (from-sip-external,s,2)
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx.c: Executing [s@from-sip-external:2] Set(“SIP/62.94.218.226-00000d34”, “CHANNEL(language)=it”) in new stack
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx.c: Executing [s@from-sip-external:3] GotoIf(“SIP/62.94.218.226-00000d34”, “1?noanonymous”) in new stack
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx_builtins.c: Goto (from-sip-external,s,5)
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx.c: Executing [s@from-sip-external:5] Set(“SIP/62.94.218.226-00000d34”, “TIMEOUT(absolute)=15”) in new stack
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] func_timeout.c: Channel will hangup at 2018-02-02 06:46:02.321 CET.
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx.c: Executing [s@from-sip-external:6] Log(“SIP/62.94.218.226-00000d34”, "WARNING,“Rejecting unknown SIP connection from 195.154.41.45"”) in new stack
[2018-02-02 06:45:47] WARNING[17653][C-00000a11] Ext. s: “Rejecting unknown SIP connection from 195.154.41.45”
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx.c: Executing [s@from-sip-external:7] Answer(“SIP/62.94.218.226-00000d34”, “”) in new stack
[2018-02-02 06:45:47] VERBOSE[17653][C-00000a11] pbx.c: Executing [s@from-sip-external:8] Wait(“SIP/62.94.218.226-00000d34”, “2”) in new stack
[2018-02-02 06:45:49] VERBOSE[17653][C-00000a11] pbx.c: Executing [s@from-sip-external:9] Playback(“SIP/62.94.218.226-00000d34”, “ss-noservice”) in new stack
[2018-02-02 06:45:49] VERBOSE[17653][C-00000a11] file.c: <SIP/62.94.218.226-00000d34> Playing ‘ss-noservice.ulaw’ (language ‘it’)
[2018-02-02 06:45:54] VERBOSE[17653][C-00000a11] pbx.c: Executing [s@from-sip-external:10] PlayTones(“SIP/62.94.218.226-00000d34”, “congestion”) in new stack
[2018-02-02 06:45:54] VERBOSE[17653][C-00000a11] pbx.c: Executing [s@from-sip-external:11] Congestion(“SIP/62.94.218.226-00000d34”, “5”) in new stack
[2018-02-02 06:45:59] VERBOSE[17653][C-00000a11] pbx.c: Spawn extension (from-sip-external, s, 11) exited non-zero on ‘SIP/62.94.218.226-00000d34’
[2018-02-02 06:45:59] VERBOSE[17653][C-00000a11] pbx.c: Executing [h@from-sip-external:1] Hangup(“SIP/62.94.218.226-00000d34”, “”) in new stack
[2018-02-02 06:45:59] VERBOSE[17653][C-00000a11] pbx.c: Spawn extension (from-sip-external, h, 1) exited non-zero on ‘SIP/62.94.218.226-00000d34’
[2018-02-02 06:46:19] WARNING[2239] chan_sip.c: Retransmission timeout reached on transmission 6bef9f6d41b56c7d4dd2d1f14bfaf464 for seqno 1 (Critical Response) – See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32001ms with no response
[2018-02-02 06:50:03] VERBOSE[2239][C-00000a12] netsock2.c: Using SIP RTP TOS bits 184
[2018-02-02 06:50:03] VERBOSE[2239][C-00000a12] netsock2.c: Using SIP RTP CoS mark 5
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] pbx.c: Executing [888801133972541489@from-sip-external:1] NoOp(“SIP/62.94.218.226-00000d35”, “Received incoming SIP connection from unknown peer to 888801133972541489”) in new stack
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] pbx.c: Executing [888801133972541489@from-sip-external:2] Set(“SIP/62.94.218.226-00000d35”, “DID=888801133972541489”) in new stack
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] pbx.c: Executing [888801133972541489@from-sip-external:3] Goto(“SIP/62.94.218.226-00000d35”, “s,1”) in new stack
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] pbx_builtins.c: Goto (from-sip-external,s,1)
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] pbx.c: Executing [s@from-sip-external:1] GotoIf(“SIP/62.94.218.226-00000d35”, “1?setlanguage:checkanon”) in new stack
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] pbx_builtins.c: Goto (from-sip-external,s,2)
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] pbx.c: Executing [s@from-sip-external:2] Set(“SIP/62.94.218.226-00000d35”, “CHANNEL(language)=it”) in new stack
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] pbx.c: Executing [s@from-sip-external:3] GotoIf(“SIP/62.94.218.226-00000d35”, “1?noanonymous”) in new stack
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] pbx_builtins.c: Goto (from-sip-external,s,5)
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] pbx.c: Executing [s@from-sip-external:5] Set(“SIP/62.94.218.226-00000d35”, “TIMEOUT(absolute)=15”) in new stack
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] func_timeout.c: Channel will hangup at 2018-02-02 06:50:18.995 CET.
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] pbx.c: Executing [s@from-sip-external:6] Log(“SIP/62.94.218.226-00000d35”, "WARNING,“Rejecting unknown SIP connection from 195.154.41.45"”) in new stack
[2018-02-02 06:50:03] WARNING[18422][C-00000a12] Ext. s: “Rejecting unknown SIP connection from 195.154.41.45”
[2018-02-02 06:50:03] VERBOSE[18422][C-00000a12] pbx.c: Executing [s@from-sip-external:7] Answer(“SIP/62.94.218.226-00000d35”, “”) in new stack
[2018-02-02 06:50:04] VERBOSE[18422][C-00000a12] pbx.c: Executing [s@from-sip-external:8] Wait(“SIP/62.94.218.226-00000d35”, “2”) in new stack
[2018-02-02 06:50:06] VERBOSE[18422][C-00000a12] pbx.c: Executing [s@from-sip-external:9] Playback(“SIP/62.94.218.226-00000d35”, “ss-noservice”) in new stack
[2018-02-02 06:50:06] VERBOSE[18422][C-00000a12] file.c: <SIP/62.94.218.226-00000d35> Playing ‘ss-noservice.ulaw’ (language ‘it’)
[2018-02-02 06:50:10] VERBOSE[18422][C-00000a12] pbx.c: Executing [s@from-sip-external:10] PlayTones(“SIP/62.94.218.226-00000d35”, “congestion”) in new stack
[2018-02-02 06:50:10] VERBOSE[18422][C-00000a12] pbx.c: Executing [s@from-sip-external:11] Congestion(“SIP/62.94.218.226-00000d35”, “5”) in new stack
[2018-02-02 06:50:15] VERBOSE[18422][C-00000a12] pbx.c: Spawn extension (from-sip-external, s, 11) exited non-zero on ‘SIP/62.94.218.226-00000d35’
[2018-02-02 06:50:15] VERBOSE[18422][C-00000a12] pbx.c: Executing [h@from-sip-external:1] Hangup(“SIP/62.94.218.226-00000d35”, “”) in new stack
[2018-02-02 06:50:15] VERBOSE[18422][C-00000a12] pbx.c: Spawn extension (from-sip-external, h, 1) exited non-zero on ‘SIP/62.94.218.226-00000d35’
[2018-02-02 06:50:35] WARNING[2239] chan_sip.c: Retransmission timeout reached on transmission d3891977ca84177083e24c20df811903 for seqno 1 (Critical Response) – See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 31999ms with no response

Look it’s important …
In the log it comes like this:

[2018-02-02 06:39:11] VERBOSE [16707] [C-00000a10] pbx.c: Executing [s @ from-sip-external: 6] Log (“SIP / 62.94.218.226-00000d33”, " WARNING, “Rejecting unknown SIP connection from 54.37.131.175” ") in new stack
[2018-02-02 06:39:11] WARNING [16707] [C-00000a10] Ext. S: “Rejecting unknown SIP connection from 54.37.131.175”

You will see that the IP address is followed by double repeated quotation marks: 54.37.131.175 “”

I think this deceives the control rules of fail2ban, what do you think???

In Asterisk SIP Settings you need to disable both “Allow SIP Guests” and “Allow Anonymous Inbound SIP Calls”. I also recommend using Responsive Firewall managing access from untrusted hosts:
https://wiki.freepbx.org/display/FPG/Responsive+Firewall

You certainly must not allow access to anonymous ones.

The point is that I do not want even to try !!!

I severely tightened the rules of fail2ban, just one attempt and banned for 24 hours

If you try again a second time banned for a week

It seems better to me, but I will check how it behaves for some time to avoid other surprises, and then I will post.

The log lines provided are not really evidence of intrusion attempts. Think of it like someone ringing your doorbell.

Yes, it’s true, I agree

I’ll be a bit biased but I do not see why they have to ring my bell …

So I put them outside the gate, where there is no bell.

And then let’s face it … the scripts often start like this: first they take a look and then they try to get in, don’t you find?

In fact, by tightening up the rules and increasing the exclusion time, the attempts have become very rare

Excellent fail2ban, highly configurable and very harmonious.
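
Added example, not written by any poster in this thread and not the filter shipped with fail2ban or FreePBX: a Python check of the quotation-mark question and of the ban policy described above (one hit gives 24 hours, a repeat gives a week). The matcher takes the address from the `Ext. s` WARNING line and stops at the first non-address character, so trailing quotation marks of any kind cannot break it. The log lines are constructed in the format shown above with documentation addresses, and the function names are hypothetical.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Only the WARNING line is matched; the VERBOSE "Log(...)" line that carries
# the same text is skipped so one call is never counted twice.
REJECT_RE = re.compile(
    r'^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]\s+WARNING\s*\[\d+\]'
    r'(?:\s*\[C-[0-9a-f]+\])?\s+Ext\. s:\s*\W*'
    r'Rejecting unknown SIP connection from (?P<host>\d{1,3}(?:\.\d{1,3}){3})',
    re.IGNORECASE,
)

FIRST_BAN = timedelta(hours=24)   # policy from the thread: first hit
REPEAT_BAN = timedelta(days=7)    # policy from the thread: second hit


def parse_reject(line):
    """Return (timestamp, host) for a reject WARNING line, else None."""
    m = REJECT_RE.match(line)
    if not m:
        return None
    try:
        host = str(ipaddress.ip_address(m.group("host")))  # rejects 999.1.1.1
    except ValueError:
        return None
    return datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"), host


def plan_bans(lines):
    """Replay log lines and return the bans the policy would issue."""
    offences, banned_until, bans = {}, {}, []
    for line in lines:
        hit = parse_reject(line)
        if hit is None:
            continue
        ts, host = hit
        if ts < banned_until.get(host, datetime.min):
            continue  # host is already banned at this time
        offences[host] = offences.get(host, 0) + 1
        length = FIRST_BAN if offences[host] == 1 else REPEAT_BAN
        banned_until[host] = ts + length
        bans.append((host, ts, length))
    return bans


# Constructed sample lines (documentation addresses, not the ones in the post).
SAMPLE_LOG = [
    '[2018-02-02 06:28:47] VERBOSE[14945][C-00000a0e] pbx.c: Executing [s@from-sip-external:6] '
    'Log("SIP/192.0.2.10-00000d31", "WARNING,"Rejecting unknown SIP connection from 203.0.113.45"") in new stack',
    '[2018-02-02 06:28:47] WARNING[14945][C-00000a0e] Ext. s: "Rejecting unknown SIP connection from 203.0.113.45"',
    # spaced variant with doubled typographic quotes after the address
    '[2018-02-02 06:39:11] WARNING [16707] [C-00000a10] Ext. S: \u201cRejecting unknown SIP connection from 198.51.100.175\u201d\u201d',
    '[2018-02-02 06:45:47] WARNING[17653][C-00000a11] Ext. s: "Rejecting unknown SIP connection from 203.0.113.45"',
    '[2018-02-03 07:00:00] WARNING[18422][C-00000a12] Ext. s: "Rejecting unknown SIP connection from 203.0.113.45"',
]

if __name__ == "__main__":
    for host, start, length in plan_bans(SAMPLE_LOG):
        print(f"{start}  ban {host} for {length}")
```

In these lines the channel name (`SIP/192.0.2.10-…`) and the address in the reject message differ, as they do in the excerpt above, so the address to act on is the one in the WARNING line.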
