Re: [asterisk-users] getting invites to rtp ports ??

2018-08-29 Thread John Covici
I agree, but is it possible to try over and over with anything other than the challenge warning in the security log as sean suggested and put a patch for? On Wed, 29 Aug 2018 22:52:05 -0400, Matthew Jordan wrote: > > [1 ] > [1.1 ] > [1.2 ] > On Wed, Aug 29, 2018 at 6:20 PM Telium Support Group

Re: [asterisk-users] getting invites to rtp ports ??

2018-08-29 Thread Matthew Jordan
On Wed, Aug 29, 2018 at 6:20 PM Telium Support Group wrote: > Depending on log trolling (Asterisk security log) misses a lot, and also > depends on the SIP/PJSIP folks to not change message structure (which has > already happened numerous time). If you are comfortable hacking > chan_sip.c you m

Re: [asterisk-users] getting invites to rtp ports ??

2018-08-29 Thread John Covici
OK, Thanks. I have a couple of questions -- the line numbers do not match exactly, so can you tell me a couple of lines before and after the line in question? Also, when will this be logged, if its only during sip debug, I need to change it to log when I can see it more readily. Thanks. On Wed,

Re: [asterisk-users] getting invites to rtp ports ??

2018-08-29 Thread sean darcy
On 08/29/2018 08:07 PM, John Covici wrote: I wonder if I could have that patch, maybe I could add it to my fail2ban regexp and if you have the correct regexp, I would apperciate that as well. Thanks. On Wed, 29 Aug 2018 19:18:29 -0400, Telium Support Group wrote: Depending on log trolling (As

Re: [asterisk-users] getting invites to rtp ports ??

2018-08-29 Thread John Covici
I wonder if I could have that patch, maybe I could add it to my fail2ban regexp and if you have the correct regexp, I would apperciate that as well. Thanks. On Wed, 29 Aug 2018 19:18:29 -0400, Telium Support Group wrote: > > Depending on log trolling (Asterisk security log) misses a lot, and als

Re: [asterisk-users] getting invites to rtp ports ??

2018-08-29 Thread Telium Support Group
Depending on log trolling (Asterisk security log) misses a lot, and also depends on the SIP/PJSIP folks to not change message structure (which has already happened numerous time). If you are comfortable hacking chan_sip.c you may prefer to get the same messages from the AMI. It still misses a

Re: [asterisk-users] getting invites to rtp ports ??

2018-08-29 Thread sean darcy
On 08/29/2018 11:59 AM, Telium Support Group wrote: Block a single IP is the wrong approach (whack-a-mole). You should consider a more comprehensive approach to securing your VoIP environment. Have a look at this wiki: https://www.voip-info.org/asterisk-security/ -Original Message

Re: [asterisk-users] 401 unauthorized

2018-08-29 Thread Daniel Tryba
On Wed, Aug 29, 2018 at 11:37:34AM -0400, Jerry Geis wrote: > I have a connection to a cisco all manager SIP trunk. The first call coming > across CCM to the asterisk server works fine... Then when I do a second > call from CCM to asterisk I am getting a SIP 401 unauthorized. > > My definition is

Re: [asterisk-users] feeling n00b again

2018-08-29 Thread asterisk
Thanks John I'll try tonight with avpf=no, and see what will happen Hans On 2018-08-28 18:28, John Kiniston wrote: It's a configuration issue with the peer (or the peer it's matching) in sip.conf You have configured the peer to use avpf but your phone is not attempting to do avpf. Either con

Re: [asterisk-users] getting invites to rtp ports ??

2018-08-29 Thread Telium Support Group
Block a single IP is the wrong approach (whack-a-mole). You should consider a more comprehensive approach to securing your VoIP environment. Have a look at this wiki: https://www.voip-info.org/asterisk-security/ -Original Message- From: asterisk-users [mailto:asterisk-users-boun...@

[asterisk-users] 401 unauthorized

2018-08-29 Thread Jerry Geis
hi I have a connection to a cisco all manager SIP trunk. The first call coming across CCM to the asterisk server works fine... Then when I do a second call from CCM to asterisk I am getting a SIP 401 unauthorized. My definition is simple. [CCM] type=friend dtmfmode=rfc2833 username=CCM defaultus

Re: [asterisk-users] getting invites to rtp ports ??

2018-08-29 Thread sean darcy
On 08/29/2018 09:42 AM, Carlos Rojas wrote: Hi Probably somebody is trying to hack your system, you should block that ip on your firewall. Regards On Wed, Aug 29, 2018 at 9:34 AM, sean darcy > wrote: I'm getting invites to very high ports every 30 seconds f

Re: [asterisk-users] getting invites to rtp ports ??

2018-08-29 Thread Carlos Rojas
Hi Probably somebody is trying to hack your system, you should block that ip on your firewall. Regards On Wed, Aug 29, 2018 at 9:34 AM, sean darcy wrote: > I'm getting invites to very high ports every 30 seconds from a particular > ip address: > > Retransmitting #10 (NAT) to 5.199.133.128:5273

Re: [asterisk-users] getting invites to rtp ports ??

2018-08-29 Thread Joshua Colp
On Wed, Aug 29, 2018, at 10:34 AM, sean darcy wrote: > I'm getting invites to very high ports every 30 seconds from a > particular ip address: > > Retransmitting #10 (NAT) to 5.199.133.128:52734: > SIP/2.0 401 Unauthorized > Via: SIP/2.0/UDP > 0.0.0.0:52734;branch=z9hG4bK1207255353;received=5.19

[asterisk-users] getting invites to rtp ports ??

2018-08-29 Thread sean darcy
I'm getting invites to very high ports every 30 seconds from a particular ip address: Retransmitting #10 (NAT) to 5.199.133.128:52734: SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 0.0.0.0:52734;branch=z9hG4bK1207255353;received=5.199.133.128;rport=52734 From: ;tag=1872048972 To: ;tag=as3a52e748 C