What are these log entries?

I was checking out my Asterisk logs and noticed hundreds of lines like the ones below… what do they mean?

[2017-12-21 21:01:41] NOTICE[5198] res_pjsip_exten_state.c: Endpoint '110' state subscription failed: Extension '*992*1*110' does not exist in context 'from-internal' or has no associated hint
[2017-12-21 21:03:00] NOTICE[9720] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"1" <sip:[email protected]>' failed for '66.70.186.99:5079' (callid: c85271006800dd6cfd0caee471179f7f) - No matching endpoint found
[2017-12-21 21:03:51] WARNING[18271] chan_sip.c: Purely numeric hostname (200), and not a peer--rejecting!
[2017-12-21 21:03:51] NOTICE[22160] res_pjsip_exten_state.c: Endpoint '200' state subscription failed: Extension '*992*1*200' does not exist in context 'from-internal' or has no associated hint
[2017-12-21 21:04:00] WARNING[18271] chan_sip.c: Purely numeric hostname (108), and not a peer--rejecting!
[2017-12-21 21:04:00] WARNING[18271] chan_sip.c: Purely numeric hostname (108), and not a peer--rejecting!
[2017-12-21 21:04:00] NOTICE[5198] res_pjsip_exten_state.c: Endpoint '108' state subscription failed: Extension '*992*1*108' does not exist in context 'from-internal' or has no associated hint
[2017-12-21 21:04:39] NOTICE[27343] res_pjsip_exten_state.c: Endpoint '107' state subscription failed: Extension '*992*1*107' does not exist in context 'from-internal' or has no associated hint
[2017-12-21 21:04:48] NOTICE[22160] res_pjsip_exten_state.c: Endpoint '100' state subscription failed: Extension '*992*1*100-1' does not exist in context 'from-internal' or has no associated hint
[2017-12-21 21:05:19] NOTICE[22160] res_pjsip_exten_state.c: Endpoint '106' state subscription failed: Extension '*992*1*106' does not exist in context 'from-internal' or has no associated hint
[2017-12-21 21:07:01] NOTICE[9720] res_pjsip/pjsip_distributor.c: Request 'OPTIONS' from '<sip:[email protected]>' failed for '2.105.13.142:21281' (callid: 5) - No matching endpoint found

Anyone have any ideas?

Failed hack attempts.

Tell us how your PBX is set up in terms of security, such as is it behind a firewall, what rules are in place etc etc…

Unit is behind NAT with Responsive Firewall enabled. The single eth0 interface is assigned to Internet zone, with the unit’s subnet as trusted.

Haven’t changed any other settings, but ports are not forwarded from our router.

We have about 10x Sangoma phones on the same internal network. The extensions listed in the log are actual extensions being used… 100, 106, 107, 108, 110, 200, etc.

The “state subscription failed” are from Phone Apps and can be ignored. The “Purely numeric hostname” are likewise unimportant. The Stray INVITE and OPTIONS are probably malicious users (unless you recognize the IPs), and if so, should eventually get blocked by the Responsive Firewall.

Thanks. Are there steps I can do to resolve the log entries so they don’t flood my log? It’s hard to read the log with so many of these same messages.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.