Help with hackers

I am receiveing a lot of incomming Sip connections from outside. Fur business purposes my system is on a public network. I tried to secured as much as I could but really I ma not an expert. I beleive failban has contented them so far but I am not really sure. Please see
– Executing [011972592581502@from-sip-external:1] NoOp(“SIP/”, “Received incoming SIP connection from unknown peer to 011972592581502”) in new stack
– Executing [011972592581502@from-sip-external:2] Set(“SIP/XX.XX.XX.X-0000006d”, “DID=011972592581502”) in new stack
– Executing [011972592581502@from-sip-external:3] Goto(“SIP/XX.XX.XX.X-0000006d”, “s,1”) in new stack
– Goto (from-sip-external,s,1)
– Executing [s@from-sip-external:1] GotoIf(“SIP/XX.XX.XX.X-0000006d”, “0?checklang:noanonymous”) in new stack
– Goto (from-sip-external,s,5)
– Executing [s@from-sip-external:5] Set(“SIP/XX.XX.XX.X-0000006d”, “TIMEOUT(absolute)=15”) in new stack
Channel will hangup at 2014-05-15 15:23:04.119 EDT.
– Executing [s@from-sip-external:6] Log(“SIP/XX.XX.XX.X-0000006d”, "WARNING,“Rejecting unknown SIP connection from"”) in new stack
[2014-05-15 15:22:49] WARNING[34631]: Ext. s:6 @ from-sip-external: “Rejecting unknown SIP connection from”
– Executing [s@from-sip-external:7] Answer(“SIP/XX.XX.XX.X-0000006d”, “”) in new stack
== Spawn extension (from-sip-external, s, 7) exited non-zero on ‘SIP/XX.XX.XX.X-0000006d’
– Executing [h@from-sip-external:1] Hangup(“SIP/XX.XX.XX.X-0000006d”, “”) in new stack
== Spawn extension (from-sip-external, h, 1) exited non-zero on ‘SIP/XX.XX.XX.X-0000006d’

Also looking at the CDR reports I can see the connections intents.
Call Detail Record

2014-05-15 15:22:49 1400181769.392 0123456 Answer s [from-sip-external] ANSWERED 00:00
2014-05-15 15:21:33 1400181693.391 UNKNOWN Hangup s [app-blacklist-check] ANSWERED 00:08
2014-05-15 15:14:44 1400181284.390 9000 Answer s [from-sip-external] ANSWERED 00:01

I would like to know if they have alreay compromised my system. I would take it out from the Public IP asap. I will look for help from an expert but for now I would like to know if there has been any theft.

Thanks !!!

set Allow Anonymous Inbound SIP Calls to no in Asterisk sip settings.

More securly “set ‘Allow Anonymous Inbound SIP Calls’ and ‘allow SIP guests’ to no in Asterisk sip settings.”

Ok Thanks I had annonymous Sip calls set to no but I had SIP guest to yes both are set to no now. But would that suffice??


It will, do you use fail2ban? that will definitely also help.

You could also use iptables/firewall to completely block external sip or just from a certain IP. VPN is the best bet if you really want users to connect from outside.