Suspicious Activity (still)

Despite locking my firewall down to restrict all traffic on SIP channels to my trunk provider's IP, I still have suspicious activity showing up on my CDR records.

Can someone tell me if this is someone hacking my system?

I don't have any extensions in the 5000 range on the system.

2014-01-22 19:27:04 1390418824.708 SIP admin Answer s ANSWERED 00:00
2014-01-22 19:18:49 1390418329.707 SIP admin Answer s ANSWERED 00:00
2014-01-22 19:10:32 1390417832.706 SIP 5556 Answer s ANSWERED 00:00
2014-01-22 19:02:11 1390417331.705 SIP 5556 Answer s ANSWERED 00:01
2014-01-22 18:53:23 1390416803.704 SIP 5556 Answer s ANSWERED 00:00

Also, if this is the case then what else do I need to do to stop this activity?

I tried blocking anonymous SIP calls on the settings but this appeared to stop genuine calls?

Mark.

Look in your log file, /var/log/asterisk/full normally, at the time of the “intrusion” for more clues.
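One way to do the log check suggested above, as an added example that is not part of the original posts: take the timestamps from the CDR rows in the question, pull the lines of /var/log/asterisk/full stamped within a few seconds of each, and list any source IP that is not the trunk provider. The log lines, the `[YYYY-MM-DD HH:MM:SS]` timestamp format and the trunk IP are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
TRUNK_IP = "198.51.100.10"  # assumption: placeholder for the trunk provider's IP

# CDR rows as posted in the question.
CDR_ROWS = """\
2014-01-22 19:27:04 1390418824.708 SIP admin Answer s ANSWERED 00:00
2014-01-22 19:18:49 1390418329.707 SIP admin Answer s ANSWERED 00:00
2014-01-22 19:10:32 1390417832.706 SIP 5556 Answer s ANSWERED 00:00
2014-01-22 19:02:11 1390417331.705 SIP 5556 Answer s ANSWERED 00:01
2014-01-22 18:53:23 1390416803.704 SIP 5556 Answer s ANSWERED 00:00
"""

# Constructed sample lines, not real log data (documentation IP ranges).
SAMPLE_LOG = """\
[2014-01-22 19:10:32] WARNING[2101] Ext. s: "Rejecting unknown SIP connection from 203.0.113.7"
[2014-01-22 19:10:33] VERBOSE[2050] chan_sip.c: Got SIP response from 198.51.100.10
[2014-01-22 19:15:00] NOTICE[1990] chan_sip.c: Registration attempt from 203.0.113.99
[2014-01-22 19:27:03] WARNING[2188] Ext. s: "Rejecting unknown SIP connection from 203.0.113.7"
"""

LOG_TS = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]")  # assumed format
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def cdr_times(rows):
    """Parse the date and time columns of each CDR row into datetimes."""
    times = []
    for row in rows.splitlines():
        fields = row.split()
        if len(fields) >= 2:
            times.append(datetime.strptime(" ".join(fields[:2]), FMT))
    return times

def log_lines_near(log_text, when, window=5):
    """Return log lines stamped within +/- window seconds of a CDR time."""
    span = timedelta(seconds=window)
    hits = []
    for line in log_text.splitlines():
        m = LOG_TS.match(line)
        if m and abs(datetime.strptime(m.group(1), FMT) - when) <= span:
            hits.append(line)
    return hits

def unexpected_sources(cdr_rows, log_text, trunk_ip=TRUNK_IP):
    """IPs seen in the log around the CDR entries that are not the trunk."""
    ips = set()
    for when in cdr_times(cdr_rows):
        for line in log_lines_near(log_text, when):
            ips.update(ip for ip in IPV4.findall(line) if ip != trunk_ip)
    return sorted(ips)

if __name__ == "__main__":
    print(unexpected_sources(CDR_ROWS, SAMPLE_LOG))
```

Any address this reports is traffic reaching Asterisk from somewhere other than the trunk, which means the firewall rule is not restricting SIP the way it was intended to.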

Try my IPTables security guide for Asterisk. You can find the link in the fourth post in thread “Security Question For the Slightly Paranoid (Like me)” opened by xptpa2020.

Probably you’ve enabled anonymous SIP connections. Try disabling it.