How is server being accessed?

I have a fairly generic FreePBX Distro (fully updated) installed behind a Netgear router. Allow Anonymous SIP is disabled. To the best of my knowledge no SIP ports are open in my router. How is it that someone is able to access my FreePBX server?

Thanks for the help.

Tim

CDR Report
2014-11-14 20:01:45 CHAN_START 101 101 DEFAULT 011972592207587 from-sip-external SIP/x.x.x.x-00000037
2014-11-14 20:01:45 ANSWER 101 101 101 011972592207587 DEFAULT s from-sip-external Answer SIP/x.x.x.x-00000037
2014-11-14 20:01:46 HANGUP 101 101 101 011972592207587 DEFAULT h from-sip-external SIP/x.x.x.x-00000037
2014-11-14 20:01:46 CHAN_END 101 101 101 011972592207587 DEFAULT h from-sip-external SIP/x.x.x.x-00000037
2014-11-14 20:01:46 LINKEDID_END 101 101 101 011972592207587 DEFAULT h from-sip-external SIP/x.x.x.x-00000037

From /var/log/asterisk/full

[2014-11-14 15:09:44] VERBOSE[1704][C-00000052] pbx.c: – Executing [[email protected]:6] Log(“SIP/x.x.x.x-000000e4”, "WARNING,“Rejecting unknown SIP connection from 212.129.10.161"”) in new stack
[2014-11-14 15:09:44] WARNING[1704][C-00000052] Ext. s: “Rejecting unknown SIP connection from 212.129.10.161”
[2014-11-14 15:49:03] VERBOSE[2576][C-00000005] pbx.c: – Executing [[email protected]:6] Log(“SIP/x.x.x.x-0000001a”, "WARNING,“Rejecting unknown SIP connection from 212.83.132.88"”) in new stack
[2014-11-14 15:49:03] WARNING[2576][C-00000005] Ext. s: “Rejecting unknown SIP connection from 212.83.132.88”
[2014-11-14 15:51:29] VERBOSE[2636][C-00000006] pbx.c: – Executing [[email protected]:6] Log(“SIP/x.x.x.x-0000001b”, "WARNING,“Rejecting unknown SIP connection from 212.83.132.88"”) in new stack
[2014-11-14 15:51:29] WARNING[2636][C-00000006] Ext. s: “Rejecting unknown SIP connection from 212.83.132.88”
[2014-11-14 15:51:32] VERBOSE[2637][C-00000007] pbx.c: – Executing [[email protected]:6] Log(“SIP/x.x.x.x-0000001c”, "WARNING,“Rejecting unknown SIP connection from 212.83.132.88"”) in new stack
[2014-11-14 15:51:32] WARNING[2637][C-00000007] Ext. s: “Rejecting unknown SIP connection from 212.83.132.88”
[2014-11-14 15:53:46] VERBOSE[2686][C-00000008] pbx.c: – Executing [[email protected]:6] Log(“SIP/x.x.x.x-0000001d”, "WARNING,“Rejecting unknown SIP connection from 212.83.132.88"”) in new stack
[2014-11-14 15:53:46] WARNING[2686][C-00000008] Ext. s: “Rejecting unknown SIP connection from 212.83.132.88”
[2014-11-14 18:10:24] VERBOSE[6579][C-0000000b] pbx.c: – Executing [[email protected]:6] Log(“SIP/x.x.x.x-00000032”, "WARNING,“Rejecting unknown SIP connection from 107.150.44.218"”) in new stack
[2014-11-14 18:10:24] WARNING[6579][C-0000000b] Ext. s: “Rejecting unknown SIP connection from 107.150.44.218”
[2014-11-14 18:10:29] VERBOSE[6580][C-0000000c] pbx.c: – Executing [[email protected]:6] Log(“SIP/x.x.x.x-00000033”, "WARNING,“Rejecting unknown SIP connection from 107.150.44.218"”) in new stack
[2014-11-14 18:10:29] WARNING[6580][C-0000000c] Ext. s: “Rejecting unknown SIP connection from 107.150.44.218”
[2014-11-14 18:10:30] VERBOSE[6581][C-0000000d] pbx.c: – Executing [[email protected]:6] Log(“SIP/x.x.x.x-00000034”, "WARNING,“Rejecting unknown SIP connection from 107.150.44.218"”) in new stack
[2014-11-14 18:10:30] WARNING[6581][C-0000000d] Ext. s: “Rejecting unknown SIP connection from 107.150.44.218”
[2014-11-14 20:00:19] VERBOSE[9531][C-0000000e] pbx.c: – Executing [[email protected]:6] Log(“SIP/x.x.x.x-00000035”, "WARNING,“Rejecting unknown SIP connection from 107.182.20.226"”) in new stack
[2014-11-14 20:00:19] WARNING[9531][C-0000000e] Ext. s: “Rejecting unknown SIP connection from 107.182.20.226”
[2014-11-14 20:00:45] VERBOSE[9532][C-0000000f] pbx.c: – Executing [[email protected]:6] Log(“SIP/x.x.x.x-00000036”, "WARNING,“Rejecting unknown SIP connection from 107.182.20.226"”) in new stack
[2014-11-14 20:00:45] WARNING[9532][C-0000000f] Ext. s: “Rejecting unknown SIP connection from 107.182.20.226”
[2014-11-14 20:01:45] VERBOSE[9568][C-00000010] pbx.c: – Executing [[email protected]:6] Log(“SIP/x.x.x.x-00000037”, "WARNING,“Rejecting unknown SIP connection from 107.182.20.226"”) in new stack
[2014-11-14 20:01:45] WARNING[9568][C-00000010] Ext. s: “Rejecting unknown SIP connection from 107.182.20.226”

Do you also reject "guest"calls? (allowguest=no)

Thanks, I just added that to sip_general_custom.conf

I’ll follow up tomorrow to see if that helps.

That’s a setting in sip settings. You shouldn’t be setting it manually in the custom file

Andrew, I’m running FreePBX 12.0.9 on Distro 6.12.65-20. I don’t see an option for allowguest in http://x.x.x.x/admin/config.php?display=sipsettings.

Dicko, I don’t see new entries in …/full or in the CDR report, THANKS!

Tim

It’s actually there under a different name, but don’t worry it will work just fine in

sip_general_custom.conf

or from the GUI, as everything will be set by Asteriskj to the last readline following the file inclusion tree, and sip_general_custom.conf is read after the GUI set one in sip_general_additional.conf
.

Ah, now I found it. I neglected to notice the chan sip (A) on the upper right hand of the screen. Nice to know as I was also setting bind port back to 5060 in the custom file as well.

Hi, I have the same question - a FreePBX server sat behind a NAT firewall with no open ports - how is it that I am getting “pings” hitting the server from an IP in the Netherlands? Even just from a networking point of view I don’t understand this.
Thanks!

Where are you seeing these so called ‘pings’ ?

:smiley: I’m seeing them in the logs, or, I was, until I turned off allow sip guests

e.g. Ext. s: “Rejecting unknown SIP connection from 212.xxx.10.xx”

I just don’t understand how they’re able to pass through the firewall and the NAT to even attempt a connection

That would depend on the efficacy of your firewall, NAT is kindofa a red herring.

Golly. My understanding of Modem/router NAT firewalls just got turned on its head. Thanks Dicko!

dropping 212.xxx.10.xx at a hardware firewall would stop asterisk seeing it , dropping 212.xxx.10.xx iptables on the FreePBX box would stop Asterisk seeing it, but not sngrep which watches traffic pre iptables. In the absense of both, then anonymous and guest connections can be rejected but still seen in the logs

Interesting! I had a look at the port forwarding page on the router and what’s strange is that port 5062 was forwarded to the FreePBX server on the LAN, but it was only when querying port 5160 (my SIP port) that this tool found an open port. Querying 5060 (my PJSIP port) returned a closed port.
I’ve had a look at my Asterix SIP settings page in FreePBX and found no reference to port 5062 anywhere.
Anyway after deleting the port forwarding 5062 rule, both ports return closed using the above online port scanning tool.

Thanks!