Good afternoon all. Is there a way to block the ip address that appears in my full log that say no matching endpoint found. Because clearly this is someone trying something.
Regards,
Omar.
If you are using the FreePBX firewall, you can blacklist an IP, or if you have Intrusion Detection enabled it should ban the IP after the amount of tries you specified in the settings.
Anyhow, I would open 5060 only to my SIP Provider and remote offices, that prevents SIP attacks/hacks. Unless there’s a reason you want to have it open publicly.
If you are using the FreePBX firewall, it blocks by default, and only allows traffic from known trunks.
1 Like
If the extension you are seeing in the message isn’t a real one, you need to make sure the firewall is set correctly. This includes the possibility of using the Adaptive Firewall (if you feel the need to leave your system exposed to these kinds of attackers).
If the extension is actually one of your extensions, this is usually caused by the phone trying to connect to the wrong incoming SIP port (5160 instead of 5060, or vice versa).
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.