Unknown Call Attempts

Asterisk Version: 16.6.2

I have a VPS hosted FreePBX server, and I am testing out a different SIP trunk provider. Doing so has forced me to change the SIP port to the standard 5060. I started seeing call attempts from non-existent extensions to international numbers. The calls weren’t able to complete, but they are filling my logs and CDRs with junk. I have disabled my responsive firewall for my PJSIP traffic. I have added my local static IP to the networks tab as trusted for my phones. They register and work just fine. However, watching my SIP logs, I constantly keep seeing invites trying to place calls from extensions I do not have on my PBX. I added the source IPs to the blacklist in the firewall settings and I have restarted Asterisk, and it seems like it hasn’t made a difference. Those same IPs I have blocked still persist with attempts. Under services, I have changed my SIP protocol to Local only as well. Under SIP settings, I have disabled both Allow Anonymous Inbound SIP Calls and Allow SIP Guests. I’m not sure if I am missing something in the firewall to prevent these attempts. I have my intrusion detection [fail2ban] running and I increased those restrictions too.

Can someone help me identify what I am missing to help tighten security?

Turning off “Allow Anonymous Inbound SIP calls” and “Allow SIP Guests” is probably best.

The responsive firewall won’t be the issue.

Have you set your interface to “Internet (Default Firewall)” yet in the firewall settings?

Make sure you whitelist your own IP before you do this otherwise you may find it difficult to get back in…

Also, whitelist your providers and blacklist everything else. Even if you end up not using them, their servers should be reliably locked down to prevent them from connecting to your server.

Generally this is not required, as the PBX firewall will white list your signalling hosts automagically. The exception is to white list whatever you add to the Match field for PJSIP trunks.

An ambitious project to be sure, but perhaps slightly more work than necessary on a deny by default firewall.

Yes, my interface is set to this already. I have added my own IP address to the networks tab as trusted.

In order to whitelist the providers’ IP addresses, that’s just putting them in that network tab along with my IP, correct?

Ooooooh this is interesting… I thought those addresses were automatically whitelisted. I’m surprised I haven’t had more issues if that’s the case…

And making sure you mark them as trusted, yes.


Is this intended behaviour then?

I don’t understand the question. At present, entries on the Match field are not added to Firewall automatically. The linked ticket requests this be added.
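The symptom described in this thread (blacklisted IPs still producing INVITE attempts in the log) can be checked by tallying Asterisk's failed-request notices per source and comparing them against the blacklist. This is an added example, not code from any poster or from FreePBX; the log line format, the sample lines, `BLACKLIST`, `failed_sources` and `still_reaching` are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines, assumed to follow Asterisk's res_pjsip
# "Request ... failed for ..." notice format (IPv4 sources only).
SAMPLE_LOG = """\
[2020-02-03 10:15:01] NOTICE[2211] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"801" <sip:801@192.0.2.10>' failed for '203.0.113.45:5074' (callid: a1) - No matching endpoint found
[2020-02-03 10:15:09] NOTICE[2211] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"802" <sip:802@192.0.2.10>' failed for '203.0.113.45:5074' (callid: a2) - No matching endpoint found
[2020-02-03 10:16:30] NOTICE[2211] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '<sip:100@192.0.2.10>' failed for '198.51.100.23:5060' (callid: a3) - Failed to authenticate
[2020-02-03 10:40:12] NOTICE[2211] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"803" <sip:803@192.0.2.10>' failed for '203.0.113.45:5074' (callid: a4) - No matching endpoint found
[2020-02-03 10:41:00] NOTICE[2211] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.99:5060' (callid: a5) - No matching endpoint found
"""
# Constructed firewall blacklist entries (single hosts or CIDR ranges).
BLACKLIST = ["203.0.113.45", "198.51.100.16/28"]

FAILED = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?Request '(?P<method>\w+)' from '.*?' "
    r"failed for '(?P<ip>[\d.]+):\d+'"
)

def failed_sources(log_text, methods=("INVITE",), since=None):
    """Count rejected requests per source IP, optionally only at/after `since`.

    `since` uses the log's own 'YYYY-MM-DD HH:MM:SS' format, so a plain
    string comparison orders timestamps correctly.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m or m.group("method") not in methods:
            continue
        if since is not None and m.group("ts") < since:
            continue
        counts[ip_address(m.group("ip"))] += 1
    return counts

def still_reaching(counts, blacklist):
    """Blacklisted sources that Asterisk itself still logged requests from."""
    nets = [ip_network(entry, strict=False) for entry in blacklist]
    return {str(ip): n for ip, n in counts.items()
            if any(ip in net for net in nets)}

if __name__ == "__main__":
    # Only count attempts logged after the blacklist was applied (constructed time).
    recent = failed_sources(SAMPLE_LOG, since="2020-02-03 10:30:00")
    for ip, n in still_reaching(recent, BLACKLIST).items():
        print(f"{ip}: {n} rejected INVITE(s) after blacklisting")
```

A blacklisted address that still appears after the `since` cutoff was not dropped by the firewall before it reached Asterisk; Asterisk rejecting the request is what produced the log line.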

