I am having some trouble with my Asterisk/FreePBX system as it seems to drop the connection to the SIP provider. I found out that the COMCAST DNS server seems to be pretty unreliable, so I added a couple of other DNS servers, and things seemed to be improving, but then it dropped out again (although it reconnected after an hour or so (around 3 am) by itself. I started to look at other possibilities and stunbled upon the fact that port 5060 is used for signaling. I checked my firewall and 5060 TCP was forwarded to my system, but not UDP. So I set up another rule to forward UDP5060 to my system. Almost immediately I started to receive what I think are hacking attempts (see below). First I tried to block the IPs through my firewall, but that did not seem to work. Even though the firewall says it was blocking the IPs, the hacking continued (from several IP addresses). I then disabled the UDP5060 again, but the attempts continue. A reboot of the system did not do anyhting either.
Is that just coincidence, that the hacking attempts started when I forwarded 5060 UDP? If not, why havent they stopped after I disabled the UDP forwarding again?
Here is a typical log entry:
[2018-04-05 16:05:10] VERBOSE[3490][C-00000008] pbx.c: – Executing [99901500420556674626@from-sip-external:1] NoOp(“SIP/x.x.x.x-0000000a”, “Received incoming SIP connection from unknown peer to 99901500420556674626”) in new stack
[2018-04-05 16:05:10] VERBOSE[3490][C-00000008] pbx.c: – Executing [99901500420556674626@from-sip-external:2] Set(“SIP/x.x.x.x-0000000a”, “DID=99901500420556674626”) in new stack
[2018-04-05 16:05:10] VERBOSE[3490][C-00000008] pbx.c: – Executing [99901500420556674626@from-sip-external:3] Goto(“SIP/x.x.x.x-0000000a”, “s,1”) in new stack
[2018-04-05 16:05:10] VERBOSE[3490][C-00000008] pbx.c: – Goto (from-sip-external,s,1)
[2018-04-05 16:05:10] VERBOSE[3490][C-00000008] pbx.c: – Executing [s@from-sip-external:1] GotoIf(“SIP/x.x.x.x-0000000a”, “0?checklang:noanonymous”) in new stack
[2018-04-05 16:05:10] VERBOSE[3490][C-00000008] pbx.c: – Goto (from-sip-external,s,5)
[2018-04-05 16:05:10] VERBOSE[3490][C-00000008] pbx.c: – Executing [s@from-sip-external:5] Set(“SIP/x.x.x.x-0000000a”, “TIMEOUT(absolute)=15”) in new stack
[2018-04-05 16:05:10] VERBOSE[3490][C-00000008] func_timeout.c: – Channel will hangup at 2018-04-05 16:05:25.424 MDT.
[2018-04-05 16:05:10] VERBOSE[3490][C-00000008] pbx.c: – Executing [s@from-sip-external:6] Log(“SIP/x.x.x.x-0000000a”, "WARNING,“Rejecting unknown SIP connection from 185.107.80.8"”) in new stack
[2018-04-05 16:05:10] WARNING[3490][C-00000008] Ext. s: “Rejecting unknown SIP connection from 185.107.80.8”
[2018-04-05 16:05:10] VERBOSE[3490][C-00000008] pbx.c: – Executing [s@from-sip-external:7] Answer(“SIP/x.x.x.x-0000000a”, “”) in new stack
[2018-04-05 16:05:10] VERBOSE[3490][C-00000008] pbx.c: – Executing [s@from-sip-external:8] Wait(“SIP/x.x.x.x-0000000a”, “2”) in new stack
[2018-04-05 16:05:12] VERBOSE[3490][C-00000008] pbx.c: – Executing [s@from-sip-external:9] Playback(“SIP/x.x.x.x-0000000a”, “ss-noservice”) in new stack
[2018-04-05 16:05:12] VERBOSE[3490][C-00000008] file.c: – <SIP/x.x.x.x-0000000a> Playing ‘ss-noservice.ulaw’ (language ‘en’)
[2018-04-05 16:05:18] VERBOSE[3490][C-00000008] pbx.c: – Executing [s@from-sip-external:10] PlayTones(“SIP/x.x.x.x-0000000a”, “congestion”) in new stack
[2018-04-05 16:05:18] VERBOSE[3490][C-00000008] pbx.c: – Executing [s@from-sip-external:11] Congestion(“SIP/x.x.x.x-0000000a”, “5”) in new stack
[2018-04-05 16:05:23] VERBOSE[3490][C-00000008] pbx.c: == Spawn extension (from-sip-external, s, 11) exited non-zero on ‘SIP/x.x.x.x-0000000a’
[2018-04-05 16:05:23] VERBOSE[3490][C-00000008] pbx.c: – Executing [h@from-sip-external:1] Hangup(“SIP/x.x.x.x-0000000a”, “”) in new stack
[2018-04-05 16:05:23] VERBOSE[3490][C-00000008] pbx.c: == Spawn extension (from-sip-external, h, 1) exited non-zero on ‘SIP/x.x.x.x-0000000a’
[2018-04-05 16:05:42] WARNING[2245] chan_sip.c: Retransmission timeout reached on transmission 5419fc3efc9767227533005d22a8c9a2 for seqno 1 (Critical Response) – See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions