[App_rpt-users] CLI help
Scott Weis
kb2ear at kb2ear.net
Fri Jun 27 19:16:32 UTC 2014
Also add
alwaysauthreject=yes
allowguest=no
in your sip.conf file under [general]
Fail2ban updates your iptables based on the IP addresses of stuff trying to access your sip port without success.
Scott
From: app_rpt-users-bounces at ohnosec.org [mailto:app_rpt-users-bounces at ohnosec.org] On Behalf Of Robert Newberry
Sent: Friday, June 27, 2014 3:10 PM
To: n0pco at darnsimple.net; app_rpt-users at ohnosec.org
Subject: Re: [App_rpt-users] CLI help
OK thru some googling and reading help files I've blocked the IP address. I then used iptables -L to verify I did it. I will monitor the CLI and see if the attempts keep coming.
Thank you
On Fri, Jun 27, 2014 at 3:02 PM, Robert Newberry <N1XBM at amsat.org> wrote:
I also googled the IP and I'm coming up with India...slightly confused on that.
On Fri, Jun 27, 2014 at 2:57 PM, Robert Newberry <N1XBM at amsat.org> wrote:
OK so I found the offending IP address out of South Brisbane, Queensland. They are just going thru 4 digit extensions one by one, the file is quite large. What should I do next? Block the IP and report it?
On Fri, Jun 27, 2014 at 2:00 PM, DARN SIMPLE | N0PCO <n0pco at darnsimple.net> wrote:
As most would say, "you're dealing with script kiddies": people that are trying to find a free route for the calls, among other mischievous things.
-----------------
Check the file /var/log/asterisk/messages for some helpful clues where the attempts are coming from.
Look for SECURITY[numbercode]; there should be some IP addresses on the same line.
You can find out more about the IP address and the subnet involved by going to: http://mxtoolbox.com/arin.aspx and enter the IP address.
Do you know how to set up the iptable rules?
------------------
It's more of a nuisance than anything else. Still a good idea to learn how to use iptables, it will make things easier in the long run.
Mars
On 06/27/2014 11:59 AM, Robert Newberry wrote:
Can anyone tell me what this means in my CLI?
[Jun 27 12:47:44] NOTICE[2177]: chan_sip.c:14418 handle_request_invite:
Call from '' to extension '+901148422885410' rejected because extension not
found.
[Jun 27 12:48:04] WARNING[2177]: chan_sip.c:1964 retrans_pkt: Maximum
retries exceeded on transmission 768cac067094ca767d045f9ac57d60d3 for seqno
1 (Critical Response) -- See doc/sip-retransmit.txt.
N1XBM*CLI>
So I do have two extensions set up, one is my tablet (which is off) I also have my cell phone (which I have in airplane mode). Is someone trying to hack my server?
Thank you
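
Added example, not part of the original thread: a small Python script that does by hand what the thread describes, reading Asterisk log lines and listing source IPs that worked through several extensions. The sample lines are constructed, and the wording of the failed-registration notice is an assumption that differs between Asterisk versions; `scanning_sources` and `min_extensions` are names chosen for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (documentation IP ranges). The wording of the
# "Registration ... failed" notice is assumed; it varies by Asterisk version.
SAMPLE_LOG = """\
[Jun 27 12:40:01] NOTICE[2177]: chan_sip.c: Registration from '"1000" <sip:1000@198.51.100.7>' failed for '203.0.113.45' - No matching peer found
[Jun 27 12:40:02] NOTICE[2177]: chan_sip.c: Registration from '"1001" <sip:1001@198.51.100.7>' failed for '203.0.113.45' - No matching peer found
[Jun 27 12:40:03] NOTICE[2177]: chan_sip.c: Registration from '"1002" <sip:1002@198.51.100.7>' failed for '203.0.113.45:5071' - No matching peer found
[Jun 27 12:40:04] NOTICE[2177]: chan_sip.c: Registration from '"1003" <sip:1003@198.51.100.7>' failed for '203.0.113.45' - No matching peer found
[Jun 27 12:41:10] NOTICE[2177]: chan_sip.c: Registration from '"6001" <sip:6001@198.51.100.7>' failed for '198.51.100.20' - Wrong password
[Jun 27 12:47:44] NOTICE[2177]: chan_sip.c:14418 handle_request_invite: Call from '' to extension '+901148422885410' rejected because extension not found.
"""

# Captures the extension that was tried and the IPv4 source (optional :port).
FAILED_REG = re.compile(
    r"Registration from '(?:\"[^\"]*\" )?<sip:(?P<ext>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?'"
)


def scanning_sources(lines, min_extensions=3):
    """Map source IP -> sorted distinct extensions it failed to register,
    keeping only sources that tried at least min_extensions of them."""
    tried = defaultdict(set)
    for line in lines:
        m = FAILED_REG.search(line)
        if not m:
            continue  # e.g. the INVITE rejection, which carries no source IP
        try:
            # Validate before the value goes anywhere near a firewall rule.
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue
        tried[ip].add(m.group("ext"))
    return {ip: sorted(exts) for ip, exts in tried.items()
            if len(exts) >= min_extensions}


if __name__ == "__main__":
    for ip, exts in scanning_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} tried {len(exts)} extensions: {', '.join(exts)}")
```

A single failed login from a legitimate phone stays below the threshold, which is why the count is of distinct extensions rather than of failures.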