Lots of unknown SIP calls in logs

Hi,
I see a lot of unknown SIP calls coming into my PBX with caller IDs like 100, 105, 600, etc. What is this and how can I stop it?

Thx

[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] pbx.c: -- Executing [[email protected]:2] Set("SIP/81.82.253.38-00000074", "DID=111100972595660432") in new stack
[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] pbx.c: -- Executing [[email protected]:3] Goto("SIP/81.82.253.38-00000074", "s,1") in new stack
[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] pbx.c: -- Goto (from-sip-external,s,1)
[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] pbx.c: -- Executing [[email protected]:1] GotoIf("SIP/81.82.253.38-00000074", "0?checklang:noanonymous") in new stack
[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] pbx.c: -- Goto (from-sip-external,s,5)
[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] pbx.c: -- Executing [[email protected]:5] Set("SIP/81.82.253.38-00000074", "TIMEOUT(absolute)=15") in new stack
[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] func_timeout.c: -- Channel will hangup at 2013-09-06 23:41:55.467 CEST.
[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] pbx.c: -- Executing [[email protected]:6] Answer("SIP/81.82.253.38-00000074", "") in new stack
[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] pbx.c: == Spawn extension (from-sip-external, s, 6) exited non-zero on 'SIP/81.82.253.38-00000074'
[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] pbx.c: -- Executing [[email protected]:1] Hangup("SIP/81.82.253.38-00000074", "") in new stack
[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] pbx.c: == Spawn extension (from-sip-external, h, 1) exited non-zero on 'SIP/81.82.253.38-00000074'
[2013-09-06 23:41:44] VERBOSE[2988][C-00000075] netsock2.c: == Using SIP VIDEO TOS bits 136
[2013-09-06 23:41:44] VERBOSE[2988][C-00000075] netsock2.c: == Using SIP VIDEO CoS mark 6
[2013-09-06 23:41:44] VERBOSE[2988][C-00000075] netsock2.c: == Using SIP RTP TOS bits 184
[2013-09-06 23:41:44] VERBOSE[2988][C-00000075] netsock2.c: == Using SIP RTP CoS mark 5
[2013-09-06 23:41:44] VERBOSE[3462][C-00000075] pbx.c: -- Executing [[email protected]:1] NoOp("SIP/81.82.253.38-00000075", "Received incoming SIP connection from unknown peer to 222200972595660432") in new stack
[2013-09-06 23:41:44] VERBOSE[3462][C-00000075] pbx.c: -- Executing [[email protected]:2] Set("SIP/81.82.253.38-00000075", "DID=222200972595660432") in new stack
[2013-09-06 23:41:44] VERBOSE[3462][C-00000075] pbx.c: -- Executing [[email protected]:3] Goto("SIP/81.82.253.38-00000075", "s,1") in new stack
[2013-09-06 23:41:44] VERBOSE[3462][C-00000075] pbx.c: -- Goto (from-sip-external,s,1)
[2013-09-06 23:41:44] VERBOSE[3462][C-00000075] pbx.c: -- Executing [[email protected]:1] GotoIf("SIP/81.82.253.38-00000075", "0?checklang:noanonymous") in new stack
[2013-09-06 23:41:44] VERBOSE[3462][C-00000075] pbx.c: -- Goto (from-sip-external,s,5)
[2013-09-06 23:41:44] VERBOSE[3462][C-00000075] pbx.c: -- Executing [[email protected]:5] Set("SIP/81.82.253.38-00000075", "TIMEOUT(absolute)=15") in new stack
[2013-09-06 23:41:44] VERBOSE[3462][C-00000075] func_timeout.c: -- Channel will hangup at 2013-09-06 23:41:59.924 CEST.
[2013-09-06 23:41:44] VERBOSE[3462][C-00000075] pbx.c: -- Executing [[email protected]:6] Answer("SIP/81.82.253.38-00000075", "") in new stack
[2013-09-06 23:41:45] VERBOSE[3462][C-00000075] pbx.c: == Spawn extension (from-sip-external, s, 6) exited non-zero on 'SIP/81.82.253.38-00000075'
[2013-09-06 23:41:45] VERBOSE[3462][C-00000075] pbx.c: -- Executing [[email protected]:1] Hangup("SIP/81.82.253.38-00000075", "") in new stack
[2013-09-06 23:41:45] VERBOSE[3462][C-00000075] pbx.c: == Spawn extension (from-sip-external, h, 1) exited non-zero on 'SIP/81.82.253.38-00000075'
[2013-09-06 23:41:48] VERBOSE[2988][C-00000076] netsock2.c: == Using SIP VIDEO TOS bits 136
[2013-09-06 23:41:48] VERBOSE[2988][C-00000076] netsock2.c: == Using SIP VIDEO CoS mark 6
[2013-09-06 23:41:48] VERBOSE[2988][C-00000076] netsock2.c: == Using SIP RTP TOS bits 184
[2013-09-06 23:41:48] VERBOSE[2988][C-00000076] netsock2.c: == Using SIP RTP CoS mark 5

PS Those calls only last a few seconds mostly.

Usually this is an indication that you have exposed your server to the Internet and someone is probing your system.

VPN is the best bet. If they are using soft phones, a simple SSL client will work.

Several phones such as Yealink and SNOM have OpenVPN clients built in.

I buy Juniper 5xl VPN appliances for $10 on eBay, they work great.

Hi,

Yes it is exposed as we have helpdesk operators at remote sites.
I was wondering if there was something I could do on the PBX itself to avoid this as much as possible? I was, for example, thinking about blocking caller IDs that don’t match a certain format? Make some kind of null-routing inbound route, or how can I do this?

Many thx

Else, I could set up VPNs for remote agents, which immediately closes it all to the outside of course.
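A detection sketch for the probing discussed in this thread, added here as an example and not posted by any participant: it reads Asterisk verbose log lines in the format shown above, picks out the "unknown peer" entries, and lists source addresses that place several such calls in a short window, for review or for a firewall block list. The function names, the thresholds (`max_attempts`, `window`) and the sample lines (documentation IP addresses, made-up numbers) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the same Asterisk verbose format as the log in
# this thread (documentation IP addresses and made-up dialed numbers).
SAMPLE_LOG = """\
[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] pbx.c: -- Executing [1111005550100@from-sip-external:1] NoOp("SIP/203.0.113.7-00000074", "Received incoming SIP connection from unknown peer to 1111005550100") in new stack
[2013-09-06 23:41:40] VERBOSE[3461][C-00000074] pbx.c: -- Executing [1111005550100@from-sip-external:2] Set("SIP/203.0.113.7-00000074", "DID=1111005550100") in new stack
[2013-09-06 23:41:44] VERBOSE[3462][C-00000075] pbx.c: -- Executing [2222005550100@from-sip-external:1] NoOp("SIP/203.0.113.7-00000075", "Received incoming SIP connection from unknown peer to 2222005550100") in new stack
[2013-09-06 23:41:48] VERBOSE[3463][C-00000076] pbx.c: -- Executing [3333005550100@from-sip-external:1] NoOp("SIP/203.0.113.7-00000076", "Received incoming SIP connection from unknown peer to 3333005550100") in new stack
[2013-09-06 23:50:02] VERBOSE[3464][C-00000077] pbx.c: -- Executing [100@from-sip-external:1] NoOp("SIP/198.51.100.20-00000077", "Received incoming SIP connection from unknown peer to 100") in new stack
[2013-09-06 23:50:02] VERBOSE[2988][C-00000077] netsock2.c: == Using SIP RTP CoS mark 5
"""

# Matches only the NoOp line logged once per call from an unknown peer.
LINE_RE = re.compile(
    r'^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] VERBOSE\[\d+\]\[C-[0-9a-f]+\] pbx\.c: .*'
    r'NoOp\("SIP/(?P<ip>\d{1,3}(?:\.\d{1,3}){3})-[0-9a-f]+", '
    r'"Received incoming SIP connection from unknown peer to (?P<did>[^"]*)"\)'
)

def unknown_peer_attempts(log_text):
    """Yield (timestamp, source_ip, dialed_number) for each unknown-peer call."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"], m["did"]

def probing_sources(log_text, max_attempts=3, window=timedelta(seconds=60)):
    """Return {ip: dialed numbers} for IPs with >= max_attempts calls in any window."""
    by_ip = defaultdict(list)
    for ts, ip, did in unknown_peer_attempts(log_text):
        by_ip[ip].append((ts, did))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0  # left edge of the sliding time window
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1
            if end - start + 1 >= max_attempts:
                flagged[ip] = sorted({d for _, d in events})
                break
    return flagged

if __name__ == "__main__":
    for ip, dids in probing_sources(SAMPLE_LOG).items():
        print(ip, "dialed", ", ".join(dids))
```

The single call from the second address stays below the threshold, so a remote site that dials once by mistake is not listed.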