Someone Trying To Hack Me - Intrusion Detection Not Picking Them Up

eagle · August 5, 2016, 6:14pm

Someone is trying to hack SIP registrations into my new FreePBX, shouldn’t Intrusion Detection be blocking them? When I look in the Intrusion Detection I can see it blocked one IP address but it’s not this one.

[2016-08-05 14:07:18] NOTICE[13184]: chan_sip.c:23754 handle_response_peerpoke: Peer '101' is now Reachable. (90ms / 2000ms) [2016-08-05 14:07:41] NOTICE[13184]: chan_sip.c:28347 handle_request_register: Registration from '555 <sip:[email protected]>' failed for '89.163.135.201:59023' - Wrong password [2016-08-05 14:08:22] NOTICE[13184]: chan_sip.c:28347 handle_request_register: Registration from '622 <sip:[email protected]>' failed for '89.163.135.201:60393' - Wrong password [2016-08-05 14:08:27] NOTICE[13184]: chan_sip.c:28347 handle_request_register: Registration from '722 <sip:[email protected]>' failed for '89.163.135.201:35272' - Wrong password [2016-08-05 14:08:31] NOTICE[13184]: chan_sip.c:28347 handle_request_register: Registration from '321 <sip:[email protected]>' failed for '89.163.135.201:39926' - Wrong password [2016-08-05 14:08:31] NOTICE[13184]: chan_sip.c:28347 handle_request_register: Registration from '120 <sip:[email protected]>' failed for '89.163.135.201:36683' - Wrong password [2016-08-05 14:08:47] NOTICE[13184]: chan_sip.c:28347 handle_request_register: Registration from '1009 <sip:[email protected]:5060>' failed for '89.163.135.201:35410' - Wrong password [2016-08-05 14:08:49] NOTICE[13184]: chan_sip.c:28347 handle_request_register: Registration from '221 <sip:[email protected]>' failed for '89.163.135.201:42204' - Wrong password [2016-08-05 14:08:55] NOTICE[13184]: chan_sip.c:28347 handle_request_register: Registration from '412 <sip:[email protected]>' failed for '89.163.135.201:55694' - Wrong password [2016-08-05 14:09:30] NOTICE[13184]: chan_sip.c:28347 handle_request_register: Registration from '162 <sip:[email protected]>' failed for '89.163.135.201:34599' - Wrong password [2016-08-05 14:09:57] NOTICE[13184]: chan_sip.c:28347 handle_request_register: Registration from '999 <sip:[email protected]>' failed for '89.163.135.201:58738' - Wrong password [2016-08-05 14:10:46] NOTICE[13184]: chan_sip.c:28347 handle_request_register: Registration from '221 <sip:[email protected]:5060>' failed for '89.163.135.201:52741' - Wrong password

eagle · August 5, 2016, 6:15pm

By the way, I added that IP address to DENY in my iptables and that’s not doing anything to resolve this either.

dolesec · August 5, 2016, 7:31pm

are running the freepbx 13 firewall as well as intrusion detecion - what version is firewall ? you mention ‘your’ IP tables and not zones/networks so its unclear at this point

if freepbx firewall is in use - is responsive firewall enabled ?

whats the output of iptables-save ?