Random Calls on the CDR

So I just setup a new server, using the new FreePBX 14.0.1.20, setup the responsive firewall for chan_sip (not using pjsip) and everything working wonderfully

Made sure SIP Guests was set to no, and set Allow Anonymous Inbound SIP Calls to no.

Now I’m getting this on my CDR

Call Date Recording System CallerID Outbound CallerID DID App Destination Disposition Duration Userfield Account CDR Table CDR Graph
Fri, Jan 5 2018 4:20 AM 1515161999.4504 “6318489673” <6318489673> 6319570101 Dial 121 ANSWERED 01:04
Fri, Jan 5 2018 4:20 AM 1515161999.4504 “6318489673” <6318489673> 6319570101 Dial 9001 NO ANSWER 00:03
Fri, Jan 5 2018 4:20 AM 1515161999.4504 “6318489673” <6318489673> 6319570101 Dial 9001 NO ANSWER 00:03
Fri, Jan 5 2018 4:19 AM 1515161999.4504 “6318489673” <6318489673> 6319570101 Dial 9001 ANSWERED 00:50
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9002 NO ANSWER 00:08
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9002 NO ANSWER 00:08
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9002 NO ANSWER 00:08
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9002 NO ANSWER 00:08
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9002 NO ANSWER 00:08
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9002 NO ANSWER 00:08
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9002 NO ANSWER 00:08
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9002 ANSWERED 01:28
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9002 NO ANSWER 00:08
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9002 NO ANSWER 00:08
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9002 NO ANSWER 00:09
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9001 NO ANSWER 00:15
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9001 NO ANSWER 00:15
Fri, Jan 5 2018 4:01 AM 1515160883.4489 “2102503767” <2102503767> 6319570101 Dial 9001 NO ANSWER 00:20

No idea what this 515161999 number is

The application is “dial”, so someone is placing calls from the PBX. Time to turn up the firewall.

Use your log file (/var/log/asterisk/full) and see if you can find the calls. Use the time stamp to coordinate your search.

Now, there’s an interesting bit of information in your CDR - look at the “Recording Name” - there are only two calls here - granted it looks like a lot more, but the fact that the recording name is the same implies that there are only two calls on this snippet. Remember, Asterisk is a Back to Back Call Interface, which means that every extension or outbound calls get documented in the CDR (since every extension’s leg of the call is considered its own call).

Without more information, I’m not sure we can give you a lot more information, though.

Thanks for the reply This is what pops up n my log at the time of the event starting

[2018-01-05 04:01:06] WARNING[2143] chan_sip.c: Timeout on 0cc9318f0a9fbe529f22cb4809c22781 on non-critical invite $

Any recommendations on what to turn up on the firewall, first time really using the new firewall since we upgraded to the new FreePBX version

TIA

We have that same issue though they dial different numbers. I think it’s a chan_sip exploit as merely changing to PJSIP fixes the issue. They seem to send random packets to our server till it just dials out without anything being registered.

We have to accept sip logins from cell phones so we cannot lock everything down and they keep trying that. They will soon try tons of international calls so you might want to disable international calling or add a PIN for international calling.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.