Hi Felix,
ngrep -W byline port 5060|grep -B1 "INVITE sip"
Markus
Am 16.11.2012 17:50, schrieb Ruben Rögels:
Hi Felix,
you have several things to check:
netstat -a -n --udp --tcp
will show you connections and connection attempts on network layer level.
You have to look for incoming connections to port 5060 and if the call
has been established for connections on your rtp ports. (see rtp.conf).
If you can see connections not supposed to be there: thats your
intruder ;-)
I suggest you disable guest calls and you configure a default context
in which dialed extensions can't be routed to charged destinations.
sip.conf:
allowguests=no
defaultcontext=default
extensions.conf:
[default]
exten => _X.,1,Answer()
exten => _X.,n,PlayBack(silence/1)
exten => _X.,n,PlayBack(ss-noservice)
exten => _X.,n,PlayBack(silence/1)
exten => _X.,n,MusicOnHold(default,10)
exten => _X.,n,PlayBack(silence/1)
exten => _X.,n,PlayBack(vm-goodbye)
exten => _X.,n,HangUp()
The next step would be using fail2ban or something similiar to check
the asterisk log for intruders.
fail2ban recognized them and dynamically sets appropriate firewall rules.
Good luck.
best regards,
Ruben
Am 16.11.2012 17:20, schrieb Felix Vazquez:
I am in the asterisk CLI and can see an unidentified caller trying
the make calls out of the asterisk system. How do I stop them? How do
I identify them and how can I see how the go in?
This is an example of what I would see:
NOTICE[4098]: chan_sip.c:20063 handle_request_invite:
Call *from '' *to extension '90111235551212' rejected because
extension not found.
Felix
------------------------------------------------------------------------
This electronic message contains information from BOSH Global
Services which may be company sensitive, proprietary, privileged or
otherwise protected from disclosure. The information is intended to
be used solely by the recipient(s) named above. If you are not an
intended recipient, be aware that any review, disclosure, copying,
distribution or use of this transmission or its contents is
prohibited. If you have received this transmission in error, please
notify the sender immediately.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided byhttp://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users