Our vendor has just put in a new firewall and I am now receiving SIP invites from unknown IP addresses.
Now looks like the firewall is not correctly configured cause that traffic should not be allowed.
Could anybody look through the Invite below and let me know what’s going on?
(I have obfuscated my external IP and replaced with mypublicIP )
I am also seeing plenty of Timeout on xxxxx on non-critical invite transaction errors on the Asterisk CLI.
“Allow guests” and “Allow Anonymous Inbound SIP Calls” are both set to “No”.
My PBX is sending a 401 Unauthorized back, and that’s the end of it.
Also, shouldn’t fail2ban be jumping in?
It’s probing on port 5070, I am on chansip port 5060.
10.13.66 Distro, Asterisk 13.
<— SIP read from UDP:104.216.108.146:5070 —>
INVITE sip:9011972592664947@mypublicIP SIP/2.0
To: 9011972592664947<sip:9011972592664947@mypublicIP >
From: 0123<sip:0123@mypublicIP >;tag=3b446bf3
Via: SIP/2.0/UDP 104.216.108.146:5070;branch=z9hG4bK-85999f59bf8dc112a07e7f705f29b89a;rport
Call-ID: 85999f59bf8dc112a07e7f705f29b89a
CSeq: 1 INVITE
Contact: sip:[email protected]:5070
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, BYE
User-Agent: sipcli/v1.8
Content-Type: application/sdp
Content-Length: 287
v=0
o=sipcli-Session 1181773323 2010834441 IN IP4 104.216.108.146
s=sipcli
c=IN IP4 104.216.108.146
t=0 0
m=audio 5072 RTP/AVP 18 0 8 101
a=fmtp:101 0-15
a=rtpmap:18 G729/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=ptime:20
a=sendrecv
<------------->
— (12 headers 13 lines) —
Sending to 104.216.108.146:5070 (NAT)
Sending to 104.216.108.146:5070 (NAT)
Using INVITE request as basis request - 85999f59bf8dc112a07e7f705f29b89a
No matching peer for ‘0123’ from ‘104.216.108.146:5070’