I have removed these extensions a while back but apparnly they are hiding somewhere. The logs show for example: Registration from ‘601 sip:[email protected]:5060’ failed for ‘x.x.x.x:39648’ - Wrong password
I have no extension 601. How do we clean this up?
This is the same error you will get even if that extension doesn’t exist and there is still a device trying to register to it.
It’s also the error you will get if someone is trying to get into your system from the outside.
The ‘x.x.x.x’ part will tell you the sitory. If the phone IP is local, then it’s a device on a desk somewhere that’s misconfigured. If it’s external to your network, then your firewall and configuration are suspect.
As mentioned before, if you have no extension 601 and the attempt is from outside, it’s probably someone trying to hack your system. Has 601 EVER existed?
If you feel like taking a GOOD look into it, find where the IP is physically. Russia, China are and a few other countries are likely to be the source. In all likelihood, it won’t be coming from your hometown. Also, if no one is calling to say that their phone isn’t working, that’s another clue that it’s a hacker.
You could also put a rule in your firewall to sent traffic from that IP to 0.0.0.0.
Let us know