Type,Name,Number,Time,Duration,Info
in,305,305,1737560379,0,
miss,6004,6004,1737560376,0,Refusé
miss,6004,6004,1737560308,0,Refusé
miss,205,205,1737560245,0,Refusé
miss,5005,5005,1737560243,0,Refusé
miss,6004,6004,1737560240,0,Refusé
miss,3005,3005,1737560176,0,Refusé
miss,6004,6004,1737560171,0,Refusé
miss,6004,6004,1737560103,0,Refusé
miss,6004,6004,1737560035,0,Refusé
miss,6004,6004,1737559966,0,Refusé
miss,5003,5003,1737559890,0,Refusé
miss,5003,5003,1737559821,0,Refusé
miss,5003,5003,1737559753,0,Refusé
miss,5003,5003,1737559685,0,Refusé
miss,204,204,1737559620,0,Refusé
miss,5003,5003,1737559617,0,Refusé
miss,5003,5003,1737559548,0,Refusé
miss,5003,5003,1737559480,0,Refusé
miss,5003,5003,1737559412,0,Refusé
miss,5003,5003,1737559343,0,Refusé
miss,4002,4002,1737559198,0,Refusé
miss,4002,4002,1737559130,0,Refusé
miss,4002,4002,1737559062,0,Refusé
miss,4002,4002,1737558994,0,Refusé
miss,802,802,1737558928,0,Refusé
miss,4002,4002,1737558926,0,Refusé
miss,4002,4002,1737558857,0,Refusé
miss,4002,4002,1737558789,0,Refusé
miss,4002,4002,1737558721,0,Refusé
miss,3001,3001,1737558644,0,Refusé
miss,3001,3001,1737558576,0,Refusé
miss,3001,3001,1737558508,0,Refusé
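Added example, not part of the original thread: a short Python check over rows copied from the call-history export above, flagging caller IDs that are retried at a machine-regular interval. The column meanings are assumed from the header line, and the thresholds (`min_calls`, `max_jitter`) are illustrative choices.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# First rows of the call-history export above (newest first), copied as-is.
# Column meanings are assumed from the header line.
CALL_LOG = """\
Type,Name,Number,Time,Duration,Info
in,305,305,1737560379,0,
miss,6004,6004,1737560376,0,Refusé
miss,6004,6004,1737560308,0,Refusé
miss,205,205,1737560245,0,Refusé
miss,5005,5005,1737560243,0,Refusé
miss,6004,6004,1737560240,0,Refusé
miss,3005,3005,1737560176,0,Refusé
miss,6004,6004,1737560171,0,Refusé
miss,6004,6004,1737560103,0,Refusé
miss,6004,6004,1737560035,0,Refusé
miss,6004,6004,1737559966,0,Refusé
miss,5003,5003,1737559890,0,Refusé
miss,5003,5003,1737559821,0,Refusé
miss,5003,5003,1737559753,0,Refusé
miss,5003,5003,1737559685,0,Refusé
"""

def refused_by_caller(text):
    """Map caller ID -> sorted epoch times of refused (missed) calls."""
    calls = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        if row["Type"] == "miss" and row["Info"] == "Refusé":
            calls[row["Number"]].append(int(row["Time"]))
    return {cid: sorted(ts) for cid, ts in calls.items()}

def scanner_trains(text, min_calls=4, max_jitter=3):
    """Caller IDs retried at a near-constant interval: {id: (calls, period_s)}."""
    trains = {}
    for cid, ts in refused_by_caller(text).items():
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # Humans do not redial with 1-2 s precision; a tight gap spread does.
        if len(ts) >= min_calls and max(gaps) - min(gaps) <= max_jitter:
            trains[cid] = (len(ts), median(gaps))
    return trains

if __name__ == "__main__":
    for cid, (n, period) in scanner_trains(CALL_LOG).items():
        print(f"caller ID {cid}: {n} refused calls, one every ~{period:.0f}s")
```

On these rows both 6004 and 5003 are flagged with the same period of about 68 seconds, which is consistent with one automated source changing the caller ID it presents; filtering by caller ID therefore does little, and the source-IP blocking and peer restriction suggested in the replies are the controls that apply.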
Why just give me an answer that it is basic when I am struggling with the issue and I cannot get it done? If it’s so basic, why can’t you give me the answer?
I have to go now. I was able to disable everything on the firewall; when I come back, hopefully I have an idea of how to do this BASIC TASK… If it’s really basic, why is it so difficult to get the answer???
I am giving you the answer. You go into the System Firewall and block the IPs. You also secure it as you need to. Are you asking for me to walk you through each step?
Well, it would be useful to know. OK, system firewall is on the GUI, I presume? And which things to click… it’s not necessary to walk through, but obviously I don’t know something. I try, for example… intrusion detection, then I look at the list to see if there’s a way to add a blacklist and I don’t see one, but I got to run to WORK so I will try this later… thank you…
This IP is listed as active in APIBAN. If you integrate the apiban-fail2ban client then it would automatically block it from your system.
Just don’t listen on UDP/5060 (You will need to RTFM here)
Yes something I expanded the days, I am not sure why but it seems to be working better now, with less friendly scanner and sip vicious… thank you everyone for the help… I am going to add apiban. Thank you Fred, thank you Blaze Studios Tom Ray, even your simplistic approach has made it somewhat solvable… and dicko, I will check on the listening ports as well on 5060.
You may want to watch some of these. It’s not the current release, but good enough to help you.
I did, it was good. It didn’t help break the ice, but the forum sure did, and then I was able to see it and put it in perspective. Although I didn’t necessarily watch every single video, I did a lot of them and found them useful…
There’s no way to stop sip vicious or friendly scanner 1.1.1.1@100?
I’m kind of dissatisfied in a way because I am supposed to figure out the system myself so to speak and I tried my best to put all the systems the firewall detects nothing, I don’t allow sip guests, I did the google research and there is nothing on the videos on this and I keep getting the sip vicious calls as if someone is in my system…
Asterisk/FreePBX does not have the ability to stop responses based on User Agent or such (commonly used by script kiddies).
If you want to get more into that type of SIP handling, Kamailio may be a good bet as it has the ability to not respond to any SIP message based on whatever criteria you want. This said, Kamailio is a solution which would definitely need more SIP knowledge. That said, Kamailio is absolutely a great SIP Edge Router to help with security for your PBX.
As the apiban account suggested, you could also incorporate apiban or other blocklists to stop active attacks hitting honeypots.
The other suggestion is to see if you really need to be open to the entire internet, or instead restrict SIP access to just the allowed endpoints/peers/carriers you wish to connect to.
Would something like fail2ban be effective?
Do you have Allow Guests and/or Anonymous Calling on? The Friendly Scanner happens when Anonymous Calling is on and no other trunk matches the source IP of the call. It’s something from within FreePBX to alert you that unmatched IPs are hitting the PBX and it is exposed to the world.
Have you tried a well set up TLS transport instead of UDP:5060?
I don’t think anyone should rely on UDP:5060 for extensions and I’m pretty sure all this stuff would become a non-entity should you not use it.
I can no longer connect. I am not sure what I did wrong but I am trying to just get it back… I will likely make a thread on how to connect the extensions again… sadly…
One problem with this idea is the software… some of the software that I have does not allow changing of ports… Curious to know, however: can it go from 5160 to connect to the extension to 5060 to go out via the SIP line?
[2025-01-31 06:31:02] [freepbx.INFO]: Deprecated way to add Console commands for module sangomartapi, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands
Why is this in my log?
Such software will commonly recognize a ‘url:port’ construct to register