Suspicious hits on server

hi all,

I am observing some suspicious hits on my server and CDRs are generating with very suspicious patterns.

can anyone suggest what is this.

also see the CEL

These are the Logs:

== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
– Executing [[email protected]:1] NoOp(“SIP/x.x.x.x-0000005e”, “Received incoming SIP connection from unknown peer to 006025390239297988”) in new stack
– Executing [[email protected]:2] Set(“SIP/x.x.x.x-0000005e”, “DID=006025390239297988”) in new stack
– Executing [[email protected]:3] Goto(“SIP/x.x.x.x-0000005e”, “s,1”) in new stack
– Goto (from-sip-external,s,1)
– Executing [[email protected]:1] GotoIf(“SIP/x.x.x.x-0000005e”, “1?setlanguage:checkanon”) in new stack
– Goto (from-sip-external,s,2)
– Executing [[email protected]:2] Set(“SIP/x.x.x.x-0000005e”, “CHANNEL(language)=en”) in new stack
– Executing [[email protected]:3] GotoIf(“SIP/x.x.x.x-0000005e”, “1?noanonymous”) in new stack
– Goto (from-sip-external,s,5)
– Executing [[email protected]:5] Set(“SIP/x.x.x.x-0000005e”, “TIMEOUT(absolute)=15”) in new stack
– Channel will hangup at 2017-06-21 16:47:38.838 UTC.
– Executing [[email protected]:6] Log(“SIP/x.x.x.x-0000005e”, "WARNING,“Rejecting unknown SIP connection from 163.172.254.6"”) in new stack
[2017-06-21 16:47:23] WARNING[15100][C-0000005b]: Ext. s:6 @ from-sip-external: “Rejecting unknown SIP connection from 163.172.254.6”
– Executing [[email protected]:7] Answer(“SIP/x.x.x.x-0000005e”, “”) in new stack
– Executing [[email protected]:8] Wait(“SIP/x.x.x.x-0000005e”, “2”) in new stack
– Executing [[email protected]:9] Playback(“SIP/x.x.x.x-0000005e”, “ss-noservice”) in new stack
– <SIP/x.x.x.x-0000005e> Playing ‘ss-noservice.ulaw’ (language ‘en’)

I think this is some sort of attack on my server.

Turn off allow anonymous calls

it is already set to no

Then you have allow guest set to yes.

yes it’s set to yes but now I set this to no.

any rules for Fail2ban to protect my server

They will when you have guest set to no.

ok thanks.

lets see.