simplydrew
One of my PIAF VPSes that I'm using for a few remote phones to connect to is getting hammered from every IP imaginable, and they haven't given up since the box has come online. Fail2ban is blocking the IPs, but the attacker is changing them on almost every attempt. Excerpt from one attempt that shows in the Asterisk CLI:
Code:
-- Executing [93011972595450358@from-sip-external:1] NoOp("SIP/MY-VPS-IP-00003472", "Received incoming SIP connection from unknown peer to 93011972595450358") in new stack
-- Executing [93011972595450358@from-sip-external:2] Set("SIP/MY-VPS-IP-00003472", "DID=93011972595450358") in new stack
-- Executing [93011972595450358@from-sip-external:3] Goto("SIP/MY-VPS-IP-00003472", "s,1") in new stack
-- Goto (from-sip-external,s,1)
-- Executing [s@from-sip-external:1] GotoIf("SIP/MY-VPS-IP-00003472", "0?checklang:noanonymous") in new stack
-- Goto (from-sip-external,s,5)
-- Executing [s@from-sip-external:5] Set("SIP/MY-VPS-IP-00003472", "TIMEOUT(absolute)=15") in new stack
-- Channel will hangup at 2015-08-30 01:45:34.901 UTC.
-- Executing [s@from-sip-external:6] Log("SIP/MY-VPS-IP-00003472", "WARNING,"Rejecting unknown SIP connection from 212.83.134.100"") in new stack
[2015-08-30 01:45:19] WARNING[10480][C-000033a9]: Ext. s:6 @ from-sip-external: "Rejecting unknown SIP connection from 212.83.134.100"
-- Executing [s@from-sip-external:7] Answer("SIP/MY-VPS-IP-00003472", "") in new stack
[2015-08-30 01:45:20] WARNING[6833]: chan_sip.c:4020 retrans_pkt: Retransmission timeout reached on transmission 8cd663c7af0929c04b8c5d6d36c506e1 for seqno 1 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 31999ms with no response
-- Executing [s@from-sip-external:8] Wait("SIP/MY-VPS-IP-00003472", "2") in new stack
-- Executing [s@from-sip-external:9] Playback("SIP/MY-VPS-IP-00003472", "ss-noservice") in new stack
-- <SIP/MY-VPS-IP-00003472> Playing 'ss-noservice.gsm' (language 'en')
-- Executing [s@from-sip-external:10] PlayTones("SIP/MY-VPS-IP-00003472", "congestion") in new stack
-- Executing [s@from-sip-external:11] Congestion("SIP/MY-VPS-IP-00003472", "5") in new stack
== Spawn extension (from-sip-external, s, 11) exited non-zero on 'SIP/MY-VPS-IP-00003472'
-- Executing [h@from-sip-external:1] Hangup("SIP/MY-VPS-IP-00003472", "") in new stack
== Spawn extension (from-sip-external, h, 1) exited non-zero on 'SIP/MY-VPS-IP-00003472'
[2015-08-30 01:45:51] WARNING[6833]: chan_sip.c:4020 retrans_pkt: Retransmission timeout reached on transmission fb9d32384b70d81a7b543ea86447332e for seqno 1 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32001ms with no response
I have iptables locked down to only allowing my VOIP provider's IP addresses and the location of the remote phone's WAN IP, restarted iptables, but am still getting these inbound attempts. I also have confirmed that I have "anonymous SIP connections" set to the default of "no" in "Asterisk SIP Settings".
What can I do now? This is throwing off my reporting significantly in the CDR, as I have hundreds upon hundreds of call rejections within it, so this is getting bad.
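As an added example (not part of the original post), this Python script tallies the "Rejecting unknown SIP connection" warnings per source address and lists the sources that fall outside the intended firewall allowlist. The allowlist entries and every log line except the one WARNING copied from the excerpt are constructed, and the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Matches the logger line for the dialplan warning in the excerpt above, not the
# "-- Executing ... Log(...)" echo, so each rejection is counted once.
REJECT_RE = re.compile(
    r'^\s*\[[^\]]+\]\s+WARNING\[[^\]]*\](?:\[[^\]]*\])?:.*'
    r'"Rejecting unknown SIP connection from (?P<ip>[0-9A-Fa-f:.]+)"'
)

# Constructed allowlist (documentation ranges): provider network + phone WAN IP.
ALLOWLIST = ["198.51.100.0/24", "203.0.113.7/32"]

# Line 2 is the WARNING from the post; lines 3-6 are constructed.
SAMPLE_LOG = '''\
    -- Executing [s@from-sip-external:6] Log("SIP/MY-VPS-IP-00003472", "WARNING,"Rejecting unknown SIP connection from 212.83.134.100"") in new stack
[2015-08-30 01:45:19] WARNING[10480][C-000033a9]: Ext. s:6 @ from-sip-external: "Rejecting unknown SIP connection from 212.83.134.100"
[2015-08-30 01:46:02] WARNING[10481][C-000033aa]: Ext. s:6 @ from-sip-external: "Rejecting unknown SIP connection from 192.0.2.55"
[2015-08-30 01:46:40] WARNING[10482][C-000033ab]: Ext. s:6 @ from-sip-external: "Rejecting unknown SIP connection from 192.0.2.55"
[2015-08-30 01:47:05] WARNING[10483][C-000033ac]: Ext. s:6 @ from-sip-external: "Rejecting unknown SIP connection from 203.0.113.7"
[2015-08-30 01:47:20] WARNING[6833]: chan_sip.c:4020 retrans_pkt: Retransmission timeout reached
'''

def rejected_sources(lines):
    """Count rejection warnings per source IP; unparseable lines are skipped."""
    hits = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue
        try:
            hits[ipaddress.ip_address(m.group("ip"))] += 1
        except ValueError:  # text in the IP position that is not an address
            continue
    return hits

def outside_allowlist(hits, allowlist):
    """Return {ip: count} for sources that match no allowlisted network."""
    nets = [ipaddress.ip_network(n, strict=False) for n in allowlist]
    return {str(ip): n for ip, n in hits.items()
            if not any(ip in net for net in nets)}

if __name__ == "__main__":
    hits = rejected_sources(SAMPLE_LOG.splitlines())
    for ip, count in sorted(outside_allowlist(hits, ALLOWLIST).items()):
        print(f"{ip}\t{count} rejection(s) from a non-allowlisted source")
```

Any address this reports had a packet reach Asterisk, so the iptables rules as currently loaded are not dropping traffic from it.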