Unusual hack attempt

miken32 · June 21, 2013, 7:21pm

I noticed this showing up in my logs recently, in the absence of any other output:

[2013-06-21 15:03:17] VERBOSE[26527] netsock.c:   == Using UDPTL TOS bits 184
[2013-06-21 15:03:17] VERBOSE[26527] netsock.c:   == Using UDPTL CoS mark 5
[2013-06-21 15:03:17] VERBOSE[26527] netsock2.c:   == Using SIP RTP TOS bits 184
[2013-06-21 15:03:17] VERBOSE[26527] netsock2.c:   == Using SIP RTP CoS mark 5
[2013-06-21 15:03:17] WARNING[26527] chan_sip.c: Not a SIP header ()?

Nothing else. So I turned on SIP debugging and sat on the console and got this: http://pastebin.com/KLwbYS3x

It’s worrying that nothing shows up in the logs. I’m running Asterisk 1.8.7 and am wondering if anyone has seen similar attacks and if so, do newer versions of Asterisk log some sort of message?

bksales · June 21, 2013, 7:27pm

do you have allow Allow Anonymous Inbound SIP Calls set to no? if not you probably should

miken32 · June 21, 2013, 7:56pm

Certainly I do. This isn’t getting anywhere near FreePBX, it’s strictly an Asterisk thing. Just thought maybe someone might have come across it before.