We have a user who is receiving calls from random 4-digit numbers, and it appears that when it starts, it comes every 4 seconds.
Anonymous and guest IP calls are already off.
Only appeared to be this one user.
Any pointers?
Assuming this is a SIP phone, they are probably coming directly to the phone, because the phone is open to the internet.
If they are coming through the PBX, you should look at the logs.
Yes, nothing shows in the call logs.
Will get the public network checked out.
There is never a need to generally listen on udp/5060; if you do, you will be compromised sooner or later.
What about SIP invites? Unless you’re using a different port, won’t that need to stay open?
Is fail2ban set up on your server?
For more advanced protection you could also look into Suricata.
Exactly, the port you are listening on will have to be open; however, choosing UDP:5060 is choosing to offer your fruit on the very lowest branches for the bad guys to harvest.
Aha, I see, and clever way to put it.
Consider using TLS; then only certified connections to your domain name will be INVITE’d. Bare IP address, not so much.
The working assumption is that they are bypassing the server.
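One way to test the working assumption from a packet capture taken on the phone's network segment, as an added example that is not part of the thread: flag INVITEs that reach the phone from any source other than the PBX and summarize their cadence and caller IDs. The addresses, the `(time, source IP, message)` capture format and all function names are assumptions, and the capture is constructed.

```python
import re
from statistics import median

PBX_IP = "192.0.2.10"        # assumed PBX address (documentation range)
PHONE = "201@198.51.100.7"   # assumed extension and phone address
OUTSIDE = "203.0.113.50"     # constructed non-PBX source

def sip(method, caller, src):
    """Build a constructed SIP request as it would appear on the wire at the phone."""
    return (f"{method} sip:{PHONE} SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {src}:5060\r\n"
            f'From: "{caller}" <sip:{caller}@{src}>;tag=x\r\n'
            f"To: <sip:{PHONE}>\r\n\r\n")

# Constructed capture: (seconds, source IP, raw SIP message)
CAPTURE = [(0.0, PBX_IP, sip("INVITE", "1001", PBX_IP)),
           (30.0, PBX_IP, sip("OPTIONS", "pbx", PBX_IP))]
CAPTURE += [(10.0 + 4 * i, OUTSIDE, sip("INVITE", c, OUTSIDE))
            for i, c in enumerate(["1000", "1001", "9999", "5060"])]

REQ_LINE = re.compile(r"([A-Z]+) sip:\S+ SIP/2\.0")
FROM_USER = re.compile(r"^(?:From|f):.*?<sip:([^@>]+)@", re.M | re.I)

def direct_invites(capture, pbx_ip):
    """INVITEs that reached the phone from any source other than the PBX."""
    hits = []
    for ts, src, raw in capture:
        m = REQ_LINE.match(raw)
        if m and m.group(1) == "INVITE" and src != pbx_ip:
            user = FROM_USER.search(raw)
            hits.append((ts, src, user.group(1) if user else "?"))
    return hits

def summarize(hits):
    """Per source: INVITE count, median gap in seconds, count of 4-digit caller IDs."""
    by_src = {}
    for ts, src, caller in hits:
        by_src.setdefault(src, []).append((ts, caller))
    report = {}
    for src, rows in by_src.items():
        times = sorted(t for t, _ in rows)
        gaps = [b - a for a, b in zip(times, times[1:])]
        report[src] = {"invites": len(rows),
                       "median_gap_s": median(gaps) if gaps else None,
                       "four_digit": sum(bool(re.fullmatch(r"\d{4}", c)) for _, c in rows)}
    return report

if __name__ == "__main__":
    for src, stats in summarize(direct_invites(CAPTURE, PBX_IP)).items():
        print(src, stats)
```

Any source in the report is signalling the phone without passing through the PBX, which is consistent with nothing appearing in the PBX call logs.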