Trimline2
The other day, I turned on specific logging on my WNDR3700 when connections were made to the PBX (192.168.1.123). To my surprise, I found a couple of heathens coming in on UDP ports (10000 - 2000 are forwarded to the PBX). An example is:
[LAN access from remote] from 92.53.126.118:80 to 192.168.1.123:15446, Thursday, July 18,2013 09:13:34
See - http://whoisinternetprotocol.com/92.53.126.118/ A few others from China, etc...
So now I can see UDP ports are being scanned. Although nothing has happened on my system (secure with no 5060 port forwarded and very obscure and long passwords) I thought I would try installing the Whitelist option found here: http://nerdvittles.com/?p=709
I didn't get past the Whitelist generation, as it was riddled with errors, although a subset of used IP addresses was generated. Errors included "iptables: Bad rule (does a matching rule exist in that chain?)." and "resolveip: Unable to find hostid for 'dynamic': host not found."
Question(s)
1. Is there a new copy/install of Whitelist available?
2. Would it be better to install Travel'n Man, as it contains the Whitelist functions?
Has anyone else logged this behavior, or should I just go have a beer and forget about UDP sniffing...
PBX in a Flash PURPLE Status Program
------------------------------------------------------------------------------
+-------------------SYSTEM INFORMATION *VERIFIED*---------------------+
¦ Asterisk = ONLINE | Dahdi = ONLINE | MySQL = ONLINE ¦
¦ SSH = ONLINE | Apache = ONLINE | Iptables = ONLINE ¦
¦ Fail2ban = ONLINE | Internet = ONLINE | Ip6Tables = ONLINE ¦
¦ Disk Free = ADEQUATE| Mem Free = ADEQUATE| NTPD = ONLINE ¦
¦ SendMail = ONLINE | Samba = ONLINE | Webmin = ONLINE ¦
¦ Ethernet0 = ONLINE | Ethernet1 = N/A | Wlan0 = N/A ¦
¦ ¦
¦ PIAF Installed Version = 2.0.6.2 under *HARDWARE* ¦
¦ FreePBX Version = 2.10.1.9 ¦
¦ Running Asterisk Version = 1.8.8.0 ¦
¦ Asterisk Source Version = 1.8.8.0 ¦
¦ Dahdi Source Version = 2.6.0+2.6.0 ¦
¦ Libpri Source Version = 1.4.12 ¦
¦ IP Address = 192.168.1.123 on eth0 ¦
¦ Operating System = CentOS release 6.2 (Final) ¦
¦ Kernel Version = 2.6.32-220.7.1.el6.i686 - 32 Bit ¦
¦ ¦
+---------------------------------------------------------------------+
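Added example, not part of the original post: a parser for the router log line format quoted above that groups hits on the forwarded UDP range by remote address, so a single stray packet can be told apart from a source walking many ports. Every log line except the first is constructed sample data, and the 10000-20000 range, the function names and the three-port threshold are assumptions.

```python
import re
from collections import defaultdict

# Format of the router log line quoted in the post.
LINE_RE = re.compile(
    r"\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+), (?P<when>.+)$"
)

# First line is from the post; the rest are constructed (documentation IP ranges).
SAMPLE_LOG = """\
[LAN access from remote] from 92.53.126.118:80 to 192.168.1.123:15446, Thursday, July 18,2013 09:13:34
[LAN access from remote] from 203.0.113.7:5071 to 192.168.1.123:10002, Thursday, July 18,2013 09:14:01
[LAN access from remote] from 203.0.113.7:5071 to 192.168.1.123:10450, Thursday, July 18,2013 09:14:02
[LAN access from remote] from 203.0.113.7:5071 to 192.168.1.123:19998, Thursday, July 18,2013 09:14:03
[LAN access from remote] from 198.51.100.20:16384 to 192.168.1.123:12000, Thursday, July 18,2013 09:20:10
[LAN access from remote] from 198.51.100.20:16384 to 192.168.1.123:12000, Thursday, July 18,2013 09:20:11
[LAN access from remote] from 203.0.113.7:5071 to 192.168.1.50:10002, Thursday, July 18,2013 09:21:00
""".splitlines()

def summarize(lines, pbx_ip, port_range):
    """Group inbound hits on the PBX's forwarded ports by remote source address."""
    lo, hi = port_range
    hits = defaultdict(lambda: {"count": 0, "ports": set(), "src_ports": set()})
    for line in lines:
        m = LINE_RE.search(line.strip())
        if not m or m["dst"] != pbx_ip:
            continue  # unrelated log entry or traffic to another host
        dport = int(m["dport"])
        if not lo <= dport <= hi:
            continue  # outside the forwarded range
        rec = hits[m["src"]]
        rec["count"] += 1
        rec["ports"].add(dport)
        rec["src_ports"].add(int(m["sport"]))
    return dict(hits)

def probable_scanners(summary, min_ports=3):
    """Heuristic (assumed threshold): many distinct destination ports from one source."""
    return sorted(s for s, r in summary.items() if len(r["ports"]) >= min_ports)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG, "192.168.1.123", (10000, 20000))
    for src, rec in summary.items():
        print(src, rec["count"], sorted(rec["ports"]), sorted(rec["src_ports"]))
    print("probable scanners:", probable_scanners(summary))
```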