Thursday, May 14, 2009

Re: [asterisk-biz] Bad routign or hack attempt ?

It would be a good start to get an IP address for everything a SIP client
does that gets logged.

I have a customer who insists on keeping the guest option turned on and
from time to time there are funny people who try to dial out phone numbers
(and of course get nowhere); however, the message doesn't log the IP
address so I cannot use it with something like fail2ban.

I would like to have it with the peer name, so I always have peer name +
IP address on all logged messages for SIP or IAX.

On Thu, 14 May 2009, Ken Rice wrote:

> Date: Thu, 14 May 2009 10:35:06 -0500
> From: Ken Rice <krice@rmktek.com>
> Reply-To: Commercial and Business-Oriented Asterisk Discussion
> <asterisk-biz@lists.digium.com>
> To: Commercial and Business-Oriented Asterisk Discussion
> <asterisk-biz@lists.digium.com>
> Subject: Re: [asterisk-biz] Bad routign or hack attempt ?
>
> He's also using this IP address
> 173.45.67.130
>
>> From: ContactTel Business <lists@contacttel.com>
>> Reply-To: Commercial and Business-Oriented Asterisk Discussion
>> <asterisk-biz@lists.digium.com>
>> Date: Thu, 14 May 2009 10:15:47 -0400
>> To: 'Commercial and Business-Oriented Asterisk Discussion'
>> <asterisk-biz@lists.digium.com>
>> Subject: Re: [asterisk-biz] Bad routign or hack attempt ?
>>
>> Here is the trace.. please DEVs... add a reporting option to the SIP stack that
>> will report on that IP, or something..
>> This guy has been hacking a lot of servers and is currently under FBI
>> investigation.
>> You see he's using s=Asterisk PBX 1.6.0.5.
>>
>> U 2009/05/14 06:42:17.973715 93.190.143.10:5060 -> 174.x.x.x:5060
>> INVITE sip:98103619990127@174.x.x.xSIP/2.0.
>> Via: SIP/2.0/UDP 93.190.143.10:5060;branch=z9hG4bK3f5cffbb;rport.
>> Max-Forwards: 70.
>> From: "MeucciSolutions" <sip:MeucciSolutions@93.190.143.10>;tag=as123b6c7b.
>> To: <sip:98103619990127@174.x.x.x>.
>> Contact: <sip:MeucciSolutions@93.190.143.10>.
>> Call-ID: 271aa7a750168cf60a36ad654a713caa@93.190.143.10.
>> CSeq: 102 INVITE.
>> User-Agent: MeucciSolutions.
>> Date: Thu, 14 May 2009 10:42:25 GMT.
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
>> Supported: replaces, timer.
>> Content-Type: application/sdp.
>> Content-Length: 287.
>> .
>> v=0.
>> o=root 634218215 634218215 IN IP4 93.190.143.10.
>> s=Asterisk PBX 1.6.0.5.
>> c=IN IP4 93.190.143.10.
>> t=0 0.
>> m=audio 10990 RTP/AVP 8 0 101.
>> a=rtpmap:8 PCMA/8000.
>> a=rtpmap:0 PCMU/8000.
>> a=rtpmap:101 telephone-event/8000.
>> a=fmtp:101 0-16.
>> a=silenceSupp:off - - - -.
>> a=ptime:20.
>> a=sendrecv.
>>
>>
>>>> -----Original Message-----
>>>> From: asterisk-biz-bounces@lists.digium.com [mailto:asterisk-biz-
>>>> bounces@lists.digium.com] On Behalf Of Elliot Otchet
>>>> Sent: May-13-09 7:43 PM
>>>> To: 'asterisk-biz@lists.digium.com'
>>>> Subject: Re: [asterisk-biz] Bad routign or hack attempt ?
>>>>
>>>> Agreed. We've seen it too.
>>>>
>>>> Pardon the typos, my Blackberry has small buttons.
>>>> Elliot Otchet
>>>> Calling Circles LLC
>>>>
>>>> ----- Original Message -----
>>>> From: asterisk-biz-bounces@lists.digium.com <asterisk-biz-
>>>> bounces@lists.digium.com>
>>>> To: Commercial and Business-Oriented Asterisk Discussion <asterisk-
>>>> biz@lists.digium.com>
>>>> Sent: Wed May 13 19:27:03 2009
>>>> Subject: Re: [asterisk-biz] Bad routign or hack attempt ?
>>>>
>>>>
>>>> Hack attempt 100%. Ban it.
>>>>
>>>> --- On Wed, 5/13/09, ContactTel Business <lists@contacttel.com> wrote:
>>>>
>>>>> From: ContactTel Business <lists@contacttel.com>
>>>>> Subject: [asterisk-biz] Bad routign or hack attempt ?
>>>>> To: "'Commercial and Business-Oriented Asterisk Discussion'"
>>>> <asterisk-biz@lists.digium.com>
>>>>> Date: Wednesday, May 13, 2009, 7:05 PM
>>>>>
>>>>> Seems someone at MeucciSolutions@93.190.143.10
>>>>> could be trying to break in.
>>>>>
>>>>> Has anyone heard of any of the 2
>>>>> parts of the URI?
>>>>>
>>>>> Thanks
>>>>> _______________________________________________
>>>>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>>>>
>>>>> asterisk-biz mailing list
>>>>> To UNSUBSCRIBE or update options visit:
>>>>> http://lists.digium.com/mailman/listinfo/asterisk-biz
>
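
Added example (not part of the original thread, and not Asterisk code): a small parser for an ngrep-style SIP capture like the one quoted above, producing one log line per INVITE that pairs the peer name from the From header with the packet's source IP, which is the pairing the reply asks for. The sample capture, its documentation-range addresses and the log line layout are constructed for illustration.

```python
import re

# Constructed sample in the layout of the quoted trace: a "U <date> <time>
# <src> -> <dst>" packet line, then SIP lines that each end in "." (the CR).
SAMPLE = """\
U 2009/05/14 06:42:17.973715 192.0.2.10:5060 -> 198.51.100.7:5060
INVITE sip:0015550100@198.51.100.7 SIP/2.0.
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK3f5cffbb;rport.
From: "guest" <sip:guest@192.0.2.10>;tag=as123b6c7b.
To: <sip:0015550100@198.51.100.7>.
User-Agent: ExampleUA.
.
U 2009/05/14 06:42:18.101200 198.51.100.7:5060 -> 192.0.2.10:5060
SIP/2.0 404 Not Found.
From: "guest" <sip:guest@192.0.2.10>;tag=as123b6c7b.
.
"""

HDR = re.compile(r"^[UT] (\S+ \S+) (\d{1,3}(?:\.\d{1,3}){3}):\d+ -> ")
# \s* tolerates a request line pasted without the space before SIP/2.0.
REQ = re.compile(r"^([A-Z]+) sip:([^@\s;]*)@?\S*\s*SIP/2\.0$")
FROM_USER = re.compile(r"^From:.*<sip:([^@>]+)@")

def parse_trace(text):
    """Return one dict per SIP request; responses are skipped."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()      # accept mail-quoted captures too
        hdr = HDR.match(line)
        if hdr:
            # Source IP comes from the packet line, not from the
            # sender-chosen From/Via/Contact headers.
            cur = {"time": hdr.group(1), "src_ip": hdr.group(2)}
            continue
        if cur is None:
            continue
        line = line[:-1] if line.endswith(".") else line
        req = REQ.match(line)
        if req:
            cur.update(method=req.group(1), dialed=req.group(2))
            events.append(cur)
        elif "method" in cur and "peer" not in cur:
            frm = FROM_USER.match(line)
            if frm:
                cur["peer"] = frm.group(1)
    return events

def log_lines(events, method="INVITE"):
    """Format peer name + IP on one line so a log watcher can key on the IP."""
    return ["%s SIP %s peer=%s ip=%s dialed=%s" % (e["time"], e["method"],
            e.get("peer", "-"), e["src_ip"], e["dialed"])
            for e in events if e["method"] == method]
```

A fail2ban filter can then capture the address after `ip=` with its `<HOST>` tag.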
