ALERT chan_skinny probes after whole_enchilada install

[restamp]

After installing a whole enchilada 13-13 field server recently (Thanks Ward!) I noticed some rats starting to nibble around open port 2000:

[2018-03-31 06:33:16] NOTICE[31797] chan_skinny.c: Starting Skinny session from 77.72.83.153
[2018-03-31 06:33:16] WARNING[31797] chan_skinny.c: Skinny packet too large (788529159 bytes), max length(2000 bytes)
[2018-03-31 06:33:16] NOTICE[31797] chan_skinny.c: Skinny Session returned: Success
[2018-03-31 06:33:16] NOTICE[31797] chan_skinny.c: Ending Skinny session from unknown at 77.72.83.153

Since I am not using either the skinny or SCCP protocols -- I think Cisco phones make use of them -- I closed port 2000 (/usr/local/sbin/iptables-custom) and excluded module chan_skinny.so in Admin > Asterisk Modules.

You may want to consider a similar remediation as well if you are not using chan_skinny.

 

[Rrrr]

@restamp thanks for your tip. I had same scary experience from IP 94.103.9.79 which was signalled.

I disabled port 2000 in iptables, but I did not find module chan_skinny.so in Admin > Asterisk Modules.

As per here, I want to add a "noload chan_skinny.so" into /etc/asterisk/modules.conf, but this file is system generated

Question:
How can I ensure that chan_skinny.so will not be loaded automatically by asterisk?

 

[ostridge]

Question:
How can I ensure that chan_skinny.so will not be loaded automatically by asterisk?

That file has an include

#include motif_custom.conf

So why not put your code there?

Oops sorry @Rrrr I looked in the wrong file

 

[restamp]

"Question:
How can I ensure that chan_skinny.so will not be loaded automatically by asterisk?

From the FreePBX Admin console in your browser, go to "Admin > Asterisk Modules" and add chan_skinny.so under the "Excluded Modules" tab.

 

[Rrrr]

@ostridge Thanks, its not in my motif.conf
@restamp Thanks, of course

Asterisk 13.18.5
Incredible 13.0.120.10
Centos 6.9