Short rings on phone

Greetings,

First of all, I would like to thank all people involved to create such a great piece of software.

I have a small question and would like to know i am on the right track.

Recently I am receiving very short calls, 1 second or so. When I check the CDR recorde it look like a call from extentions.
eg: 111, 800, 900, etc…

I believe these calls are let through since i am allowing anonymous calls (I have to) and that these calls are from hacking attempts to find out which ones have working extentions.
I have set: alwaysauthreject=yes in sip config.

On the other hand i have a verys trict firewall, and later on i’ll install fail2ban on the server.

What I would like to know is, am I on the right track here?

Hmm can’t seem to find much more info on this topic.
However, I read about some other people who had this problem when allowing anonymous call’s.

These calls will show up in your CDRs whether or not you allow anonymous calls. They are hack attempts, but the IP addresses are not logged so fail2ban won’t help you.

By allowing anonymous connections you invite anyone to connect to any extension on your system. FreePBX says “Although FreePBX severely restricts access to the internal dialplan, allowing Anonymous SIP calls does introduced additional security risks.” You should avoid it if you can. Providers should be able to give you a list of IP addresses they will talk to you from.

set allowguest=no in sip_general_custom.conf or in Asterisk SIP module and those entries should disappear from the CDR. Some trunks will not work with that setting. It’s not the same setting as allowanonymous=no

Hey guys,

Thanks for the great reply.
For people who are experiencing the same problems, here is what i did.

  1. I followed a tutorial to be able to set allow anonymous to no:
    http://sysadminman.net/blog/2012/freepbx-inbound-number-not-working-help-4435

  2. In case that was’nt enough: The incomming DID route (I have one incomming DID): go to the usual route.
    All other calls (with CID and DID info blank on incoming route) --> to “hang up call”.

  3. Of course all other security measures as described in many tutorials (Firewall, IPtables, Fail2ban)

Like I said, thanks for the info… Damn chinese hackers …

There are easier ways to determine you never had your trunk set up correctly. Also don’t think turning allowanonymous=off will get rid of the SIP scanners showing up on your CDR.