Need help to stop break in attempts

Hi all

I’m running an old version installed nearly 2 yrs ago (FreePBX-Distro-Net-64bit-1.811.210.57). I honestly have not paid much attention to it because it has worked fine and I take the view that if it isn’t broken, don’t fix it. There have been no unusual calls/charges from my VoSP, however today I noticed msgs like this repeating on the asterisk cli:

  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
    -- Executing [660011972592511307@from-sip-external:1] NoOp("SIP/x.x.x.x-0014f520", "Received incoming SIP connection from unknown peer to 660011972592511307") in new stack
    -- Executing [660011972592511307@from-sip-external:2] Set("SIP/x.x.x.x-0014f520", "DID=660011972592511307") in new stack
    -- Executing [660011972592511307@from-sip-external:3] Goto("SIP/x.x.x.x-0014f520", "s,1") in new stack
    -- Goto (from-sip-external,s,1)
    -- Executing [s@from-sip-external:1] GotoIf("SIP/x.x.x.x-0014f520", "0?checklang:noanonymous") in new stack
    -- Goto (from-sip-external,s,5)
    -- Executing [s@from-sip-external:5] Set("SIP/x.x.x.x-0014f520", "TIMEOUT(absolute)=15") in new stack
Channel will hangup at 2014-06-10 19:33:48.196 EDT.
    -- Executing [s@from-sip-external:6] Answer("SIP/x.x.x.x-0014f520", "") in new stack
    -- Executing [s@from-sip-external:7] Wait("SIP/x.x.x.x-0014f520", "2") in new stack
    -- Executing [s@from-sip-external:8] Playback("SIP/x.x.x.x-0014f520", "ss-noservice") in new stack
    -- <SIP/x.x.x.x-0014f520> Playing 'ss-noservice.ulaw' (language 'en')
    -- Executing [s@from-sip-external:9] PlayTones("SIP/x.x.x.x-0014f520", "congestion") in new stack
    -- Executing [s@from-sip-external:10] Congestion("SIP/x.x.x.x-0014f520", "5") in new stack
  == Spawn extension (from-sip-external, s, 10) exited non-zero on 'SIP/x.x.x.x-0014f520'
    -- Executing [h@from-sip-external:1] Hangup("SIP/x.x.x.x-0014f520", "") in new stack
  == Spawn extension (from-sip-external, h, 1) exited non-zero on 'SIP/x.x.x.x-0014f520'
[2014-06-10 19:34:05] WARNING[-1]: chan_sip.c:3641 retrans_pkt: Retransmission timeout reached on transmission ff698c29f5b0bb082d2e4742cd276d09 for seqno 1 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response

x.x.x.x is my static IP from my ISP

and every once in a while this

XtrComm*CLI> core show channels verbose
Channel              Context              Extension        Prio State   Application  Data                      CallerID        Duration Accountcode PeerAccount BridgedTo           
SIP/x.x.x.x-00 from-sip-external    s                   8 Up      Playback     ss-noservice              2014            00:00:06                         (None) 

[2014-06-10 19:37:34] NOTICE[-1]: chan_sip.c:24929 handle_request_register: Registration from '"735" <sip:[email protected]:5060>' failed for '50.23.115.116:5111' - No matching peer found
[2014-06-10 19:37:35] NOTICE[-1]: chan_sip.c:24929 handle_request_register: Registration from '"735" <sip:[email protected]:5060>' failed for '50.23.115.116:5111' - No matching peer found

The box sits behind a DD-WRT v24-sp2 (8/07/10) std flashed router.

What can I do to stop these actions?

Of course there are 62 online modules available for upgrade according to FPBX status, but I don’t really know how to perform the upgrades, and I worry they may “break” something during the upgrade, which is part of the reason I try to leave well enough alone.

Thanks in advance.

  • Don’t allow any outside access to your PBX unless over a VPN.
  • Use a registration string instead of IP authentication, helps with getting around opening the firewall.
  • Use IPTables/Fail2Ban etc.
  • Update the modules as vulnerabilities have been found and patched since your version.

Bump

Can you give a tip/link/hint to the update procedure? And do you think updating a 2 yr old distro would be safe/not break anything?

Is not IPTables/Fail2Ban included and on by default with the install?

Thanks!

In reading the wiki, I can see my version (1.811.210.57) is end of life.

I would like to upgrade it as far as it will go following the guide, however there is no exact match of guideline to follow:

They have guides for versions:
1.8xx.210.58
and
1.8xx.210.62

neither of which match the version I have installed.

Can I safely follow 1.8xx.210.58?

Also, I just turned off “Allow SIP Guests” which seems to have stopped all but:

[2014-06-12 19:08:37] NOTICE[-1]: chan_sip.c:22542 handle_request_invite: Sending fake auth rejection for device 1<sip:[email protected]>;tag=5a6a9eed
[2014-06-12 19:08:37] NOTICE[-1]: chan_sip.c:22542 handle_request_invite: Sending fake auth rejection for device 1<sip:[email protected]>;tag=5a6a9eed
[2014-06-12 19:09:05] NOTICE[-1]: chan_sip.c:24929 handle_request_register: Registration from '"855" <sip:[email protected]:5060>' failed for '50.23.115.116:5117' - No matching peer found
[2014-06-12 19:09:05] NOTICE[-1]: chan_sip.c:24929 handle_request_register: Registration from '"855" <sip:[email protected]:5060>' failed for '50.23.115.116:5117' - No matching peer found

I am using IP Auth and am looking for a way to specify the allowed IPs for 5060 in my dd-wrt enabled router, BUT:

fail2ban is running and I wonder WHY it is not banning the IP address 50.23.115.116?

I would think it should be after so many attempts (same IP from my OP) … ?

If I am following the Upgrade Wiki correctly under version 1.8xx.210.58 (http://wiki.freepbx.org/display/FD/FreePBX-Distro-1.8xx.210.58), based on my version (1.811.210.570-1), I would run each shell script starting at line number:
22

and continue through the end, number 31.

At which point to go further would require a backup and restore to go further, onto vers 2.210.62.

Do I have this?

thx

yep you got it right - upgrade to .58, backup the system, do a fresh install of 210.62 and then restore from the backup. we have done a lot of these and for the most part they work. the one thing we never got to work reliably was restoring a 32 bit system onto a 64 bit system. in theory it should work but we had so many problems we simply gave up and continued to use 32 bit distros for the systems that we could not rebuild from scratch.

use the command line upgrade process (wget, chmod, ./) and you should be able to upgrade all the way to the current version. two tips: 1) pay very close attention to what you are doing so that you install everything in the correct order and 2) leave yourself plenty of time - don’t rush things.
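
On the earlier question of why fail2ban is not banning 50.23.115.116: the following Python is an added example, not part of the original thread and not fail2ban's shipped filter. It shows how a source-address filter with a retry threshold sees chan_sip NOTICE lines of the kind quoted above. The regex, the thresholds (3 failures in 600 seconds), the extra 19:09:06 line and the 192.0.2.10 source are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample modelled on the thread's NOTICE lines; x.x.x.x and 192.0.2.10 are placeholders.
SAMPLE_LOG = """\
[2014-06-10 19:37:34] NOTICE[-1]: chan_sip.c:24929 handle_request_register: Registration from '"735" <sip:735@x.x.x.x:5060>' failed for '50.23.115.116:5111' - No matching peer found
[2014-06-10 19:37:35] NOTICE[-1]: chan_sip.c:24929 handle_request_register: Registration from '"735" <sip:735@x.x.x.x:5060>' failed for '50.23.115.116:5111' - No matching peer found
[2014-06-12 19:08:37] NOTICE[-1]: chan_sip.c:22542 handle_request_invite: Sending fake auth rejection for device 1<sip:1@x.x.x.x>;tag=5a6a9eed
[2014-06-12 19:09:05] NOTICE[-1]: chan_sip.c:24929 handle_request_register: Registration from '"855" <sip:855@x.x.x.x:5060>' failed for '50.23.115.116:5117' - No matching peer found
[2014-06-12 19:09:05] NOTICE[-1]: chan_sip.c:24929 handle_request_register: Registration from '"855" <sip:855@x.x.x.x:5060>' failed for '50.23.115.116:5117' - No matching peer found
[2014-06-12 19:09:06] NOTICE[-1]: chan_sip.c:24929 handle_request_register: Registration from '"855" <sip:855@x.x.x.x:5060>' failed for '50.23.115.116:5117' - No matching peer found
[2014-06-12 19:20:00] NOTICE[-1]: chan_sip.c:24929 handle_request_register: Registration from '"100" <sip:100@x.x.x.x:5060>' failed for '192.0.2.10:5060' - No matching peer found
"""

# Illustrative pattern written for this example (an assumption, not fail2ban's own failregex).
REG_FAIL = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[[^\]]*\]: chan_sip\.c:\d+ \w+: "
    r"Registration from '.*' failed for '(?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - ")

def parse_failures(log_text):
    """Return ([(timestamp, host), ...], [NOTICE lines with no source address])."""
    failures, unattributed = [], []
    for line in log_text.splitlines():
        m = REG_FAIL.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            failures.append((ts, m.group("host")))
        elif "NOTICE" in line:
            unattributed.append(line)
    return failures, unattributed

def hosts_to_ban(failures, maxretry=3, findtime=timedelta(seconds=600)):
    """Hosts with at least maxretry failures inside any findtime-long window."""
    by_host = defaultdict(list)
    for ts, host in failures:
        by_host[host].append(ts)
    banned = []
    for host, times in by_host.items():
        times.sort()
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= findtime:
                banned.append(host)
                break
    return sorted(banned)

if __name__ == "__main__":
    failures, unattributed = parse_failures(SAMPLE_LOG)
    print("ban:", hosts_to_ban(failures), "| lines without a source address:", len(unattributed))
```

With these assumed thresholds, the four registration failures actually quoted in the thread (two per day, two days apart) never fall inside one window, and the "Sending fake auth rejection" line carries no source address for a filter to act on.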