What are these log entries?

nmarques · December 28, 2017, 4:02pm

I was checking out my Asterisk logs and noticed hundreds of lines like the ones below… what do they mean?

[2017-12-21 21:01:41] NOTICE[5198] res_pjsip_exten_state.c: Endpoint '110' state subscription failed: Extension '*992*1*110' does not exist in context 'from-internal' or has no associated hint
[2017-12-21 21:03:00] NOTICE[9720] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"1" <sip:[email protected]>' failed for '66.70.186.99:5079' (callid: c85271006800dd6cfd0caee471179f7f) - No matching endpoint found
[2017-12-21 21:03:51] WARNING[18271] chan_sip.c: Purely numeric hostname (200), and not a peer--rejecting!
[2017-12-21 21:03:51] NOTICE[22160] res_pjsip_exten_state.c: Endpoint '200' state subscription failed: Extension '*992*1*200' does not exist in context 'from-internal' or has no associated hint
[2017-12-21 21:04:00] WARNING[18271] chan_sip.c: Purely numeric hostname (108), and not a peer--rejecting!
[2017-12-21 21:04:00] WARNING[18271] chan_sip.c: Purely numeric hostname (108), and not a peer--rejecting!
[2017-12-21 21:04:00] NOTICE[5198] res_pjsip_exten_state.c: Endpoint '108' state subscription failed: Extension '*992*1*108' does not exist in context 'from-internal' or has no associated hint
[2017-12-21 21:04:39] NOTICE[27343] res_pjsip_exten_state.c: Endpoint '107' state subscription failed: Extension '*992*1*107' does not exist in context 'from-internal' or has no associated hint
[2017-12-21 21:04:48] NOTICE[22160] res_pjsip_exten_state.c: Endpoint '100' state subscription failed: Extension '*992*1*100-1' does not exist in context 'from-internal' or has no associated hint
[2017-12-21 21:05:19] NOTICE[22160] res_pjsip_exten_state.c: Endpoint '106' state subscription failed: Extension '*992*1*106' does not exist in context 'from-internal' or has no associated hint
[2017-12-21 21:07:01] NOTICE[9720] res_pjsip/pjsip_distributor.c: Request 'OPTIONS' from '<sip:n@n>' failed for '2.105.13.142:21281' (callid: 5) - No matching endpoint found

nmarques · January 2, 2018, 6:57pm

Anyone have any ideas?

cynjut · January 2, 2018, 7:13pm

Failed hack attempts.

avayax · January 2, 2018, 8:18pm

Tell us how your PBX is set up in terms of security, such as is it behind a firewall, what rules are in place etc etc…

nmarques · January 2, 2018, 8:49pm

Unit is behind NAT with Responsive Firewall enabled. The single eth0 interface is assigned to Internet zone, with the unit’s subnet as trusted.

Haven’t changed any other settings, but ports are not forwarded from our router.

We have about 10x Sangoma phones on the same internal network. The extensions listed in the log are actual extensions being used… 100, 106, 107, 108, 110, 200, etc.

lgaetz · January 2, 2018, 9:04pm

The “state subscription failed” are from Phone Apps and can be ignored. The “Purely numeric hostname” are likewise unimportant. The Stray INVITE and OPTIONS are probably malicious users (unless you recognize the IPs), and if so, should eventually get blocked by the Responsive Firewall.

nmarques · January 2, 2018, 9:27pm

Thanks. Are there steps I can do to resolve the log entries so they don’t flood my log? It’s hard to read the log with so many of these same messages.

system · January 2, 2019, 9:27pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.