<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">I would block the IP address using iptables</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jun 27, 2014 at 2:02 PM, Robert Newberry <span dir="ltr"><<a href="mailto:N1XBM@amsat.org" target="_blank">N1XBM@amsat.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I also googled the IP and I'm coming up with India...slightly confused on that.<br></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Fri, Jun 27, 2014 at 2:57 PM, Robert Newberry <span dir="ltr"><<a href="mailto:N1XBM@amsat.org" target="_blank">N1XBM@amsat.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">OK so I found the offending IP address out of South Brisdane, Queensland. They are just going thru 4 digit extensions one by one, they file is quite large. What should I do next? Block the IP and report it?<br>
</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jun 27, 2014 at 2:00 PM, DARN SIMPLE | N0PCO <span dir="ltr"><<a href="mailto:n0pco@darnsimple.net" target="_blank">n0pco@darnsimple.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">As most would say "you're dealing with script kiddies" people that are trying to find a free route for the calls among other mischievous things.<br>
<br>
-----------------<br>
<br>
Check the file /var/log/asterisk/messages for some helpful clues where the attempts are coming from.<br>
<br>
Look for SECURITY[numbercode] there should be some ip addresses on the same line.<br>
<br>
You can find out more about the ip address and the subnet involved by going to: <a href="http://mxtoolbox.com/arin.aspx" target="_blank">http://mxtoolbox.com/arin.aspx</a> and enter the ip address.<br>
<br>
Do you know how to set up the iptable rules?<br>
<br>
------------------<br>
<br>
<br>
It's more of a nuisance than anything else. Still a good idea to learn how to use iptables, it will make things easier in the long run.<br>
<br>
<br>
Mars<div><div><br>
<br>
<br>
<br>
<br>
<br>
<br>
On 06/27/2014 11:59 AM, Robert Newberry wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Can anyone tell me what this means in my CLI?<br>
<br>
<br>
[Jun 27 12:47:44] NOTICE[2177]: chan_sip.c:14418 handle_request_invite:<br>
Call from '' to extension '+901148422885410' rejected because extension not<br>
found.<br>
[Jun 27 12:48:04] WARNING[2177]: chan_sip.c:1964 retrans_pkt: Maximum<br>
retries exceeded on transmission 768cac067094ca767d045f9ac57d60<u></u>d3 for seqno<br>
1 (Critical Response) -- See doc/sip-retransmit.txt.<br>
N1XBM*CLI><br>
<br>
So I do have to extensions setup one is my tablet (which is off) I also<br>
have my cell phone (which I have in airplane mode). Is someone trying to<br>
hack my server?<br>
<br>
Thank you<br>
<br>
<br>
</blockquote>
<br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
<br>_______________________________________________<br>
App_rpt-users mailing list<br>
<a href="mailto:App_rpt-users@ohnosec.org">App_rpt-users@ohnosec.org</a><br>
<a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
<br>
To unsubscribe from this list please visit <a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"<br>
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. <br></blockquote></div><br></div>