[Problem] Attacks, scanners ... and no end in sight...

brenner23

Hello,
I took a look at my root server and saw that a lot of people are trying their luck on my Asterisk 13.
There is no SIP account stored that would make outbound calling possible... but I use it as a phone system for family and friends... so if someone is in the Maldives and has Wi-Fi on their phone, they can call... for free via my Asterisk... or from anywhere else on Earth, as long as there is Wi-Fi...

I already had Fail2ban running, and a lot gets banned... that is fine...
But I can't get the session attacks under control

[Oct 6 00:12:20] WARNING[836]: chan_sip.c:4130 retrans_pkt: Timeout on 781087680-669275815-50556461 on non-critical invite transaction.

What I want is to block these "scanners" as well... It is just annoying to read this line after line, every second... when I want to configure something in the Asterisk console....

How did you solve this???
 
Hi

Do those...
"as long as there is Wi-Fi..."
...have to register/authenticate with Asterisk?
Then...
Code:
[general]
context=public                  ; Default context for incoming calls. Defaults to 'default'
allowguest=no                   ; Allow or reject guest calls (default is yes)
                                ; If your Asterisk is connected to the Internet
                                ; and you have allowguest=yes
alwaysauthreject = yes          ; When an incoming INVITE or REGISTER is to be rejected,
                                ; for any reason, always reject with an identical response
                                ; equivalent to valid username and invalid password/hash
                                ; instead of letting the requester know whether there was
                                ; a matching user or peer for their request.  This reduces
                                ; the ability of an attacker to scan for valid SIP usernames.
                                ; This option is set to "yes" by default.
...there is peace and quiet.
 
Hello,
I'll attach an excerpt from the sip.conf

Code:
[general]
allowguest=no
language=de
country=de ; New
rtcachefriends=yes
allowguest=no
alwaysauthreject=yes
realm = pi3
port =5060
binasddr = 0.0.0.0
qualify = yes
disable = all
videosupport = no
disallow=all
allow=alaw
allow=ulaw
;allow=ulaw,alaw,g729,g722,ilbc,gsm
directmedia = no
insecure=port,invite
dtmfmode = rfc2833
srvlookup = yes

That is all already in there, but attempts are still displayed... as a Notice or Warning

See here....
Code:
root@VPS-Server:~# asterisk -vvvvvvr
No ethernet interface found for seeding global EID. You will have to set it manually.
Asterisk 13.14.1~dfsg-2+deb9u3, Copyright (C) 1999 - 2014, Digium, Inc. and others.
Created by Mark Spencer <[email protected]>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Connected to Asterisk 13.14.1~dfsg-2+deb9u3 currently running on v21223 (pid = 4036)
[Oct  6 20:16:46] WARNING[4090]: chan_sip.c:4130 retrans_pkt: Timeout on 902611522-1168426542-750381691 on non-critical invite transaction.
[Oct  6 20:16:47] NOTICE[4090][C-000072f2]: chan_sip.c:26179 handle_request_invite: Failed to authenticate device <sip:[email protected]>;tag=614600339
[Oct  6 20:16:49] WARNING[4090]: chan_sip.c:4130 retrans_pkt: Timeout on 329464568-63377386-362996367 on non-critical invite transaction.
[Oct  6 20:16:50] WARNING[4090]: chan_sip.c:4130 retrans_pkt: Timeout on 1901265302-2042707532-2044978979 on non-critical invite transaction.
[Oct  6 20:16:50] NOTICE[4090][C-000072f5]: chan_sip.c:26179 handle_request_invite: Failed to authenticate device <sip:[email protected]>;tag=973523414
[Oct  6 20:16:55] WARNING[4090]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 351109061-1172478851-361993828 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[Oct  6 20:16:55] WARNING[4090]: chan_sip.c:4130 retrans_pkt: Timeout on 1495845373-546590024-1825671147 on non-critical invite transaction.
[Oct  6 20:16:55] NOTICE[4090][C-000072fa]: chan_sip.c:26179 handle_request_invite: Failed to authenticate device <sip:[email protected]>;tag=818400875
[Oct  6 20:16:56] NOTICE[4090][C-000072fc]: chan_sip.c:26179 handle_request_invite: Failed to authenticate device <sip:[email protected]>;tag=1419230621
[Oct  6 20:16:56] WARNING[4090]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 1256183157-1126349927-964432006 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32006ms with no response
[Oct  6 20:16:56] WARNING[4090]: chan_sip.c:4130 retrans_pkt: Timeout on 466970507-691605428-1384441729 on non-critical invite transaction.
[Oct  6 20:16:57] WARNING[4090]: chan_sip.c:4130 retrans_pkt: Timeout on 883308176-1114762892-152568351 on non-critical invite transaction.
[Oct  6 20:16:57] NOTICE[4090][C-000072fe]: chan_sip.c:26179 handle_request_invite: Failed to authenticate device <sip:[email protected]>;tag=1453804812
[Oct  6 20:16:57] WARNING[4090]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 1350207524-833575938-642846144 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[Oct  6 20:17:00] WARNING[4090]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 524614128-917167686-906303102 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[Oct  6 20:17:02] WARNING[4090]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 1164105419-197223551-865281569 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[Oct  6 20:17:03] NOTICE[4090][C-000072ff]: chan_sip.c:26179 handle_request_invite: Failed to authenticate device <sip:[email protected]>;tag=1976460179
[Oct  6 20:17:05] WARNING[4090]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 209220096-503342761-1530477031 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[Oct  6 20:17:06] NOTICE[4090][C-00007303]: chan_sip.c:26179 handle_request_invite: Failed to authenticate device <sip:[email protected]>;tag=1969664
[Oct  6 20:17:07] WARNING[4090]: chan_sip.c:4130 retrans_pkt: Timeout on 1848965886-1304089446-1777931723 on non-critical invite transaction.
[Oct  6 20:17:09] NOTICE[4090][C-00007306]: chan_sip.c:26179 handle_request_invite: Failed to authenticate device <sip:[email protected]>;tag=1466032727
[Oct  6 20:17:10] WARNING[4090]: chan_sip.c:4130 retrans_pkt: Timeout on 369314217-991640732-498139277 on non-critical invite transaction.
[Oct  6 20:17:10] WARNING[4090]: chan_sip.c:4130 retrans_pkt: Timeout on 935201919-1490712666-352625474 on non-critical invite transaction.
[Oct  6 20:17:10] WARNING[4090]: chan_sip.c:4130 retrans_pkt: Timeout on 1249347004-1552905162-1832130722 on non-critical invite transaction.
[Oct  6 20:17:11] WARNING[4090]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 1049610223-101450187-63217307 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[Oct  6 20:17:11] WARNING[4090]: chan_sip.c:4130 retrans_pkt: Timeout on 916838514-268476609-2127387297 on non-critical invite transaction.
[Oct  6 20:17:13] WARNING[4090]: chan_sip.c:4130 retrans_pkt: Timeout on 181895415-1854282049-656833457 on non-critical invite transaction.
[Oct  6 20:17:14] WARNING[4090]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 1735886038-1473053093-164125330 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[Oct  6 20:17:14] NOTICE[4090][C-00007307]: chan_sip.c:26179 handle_request_invite: Failed to authenticate device <sip:[email protected]>;tag=158498804
 
OK...

1. allowguest is there twice; if you change the first one, the second sets it back.
2. binasddr does not exist
3. IMHO insecure has no business being under [general]
...on that...
"Other cautions when adding SIP User Accounts
Never include the parameter “insecure=invite” or “insecure=very” when defining a dynamic SIP user account. If you do, it will disable password checking for that account. Where possible, restrict the range of IP addresses from which the user is allowed to connect using the “deny” and “permit” parameters. This is a good idea where all possible source IP addresses are known in advance such as from a local LAN in an office. If possible, avoid setting the type to “friend”. Instead use “type=peer” and “host=dynamic” "
Source
...

I would delete the "qualify" as well.
(unnecessary network traffic, flooding, DoS attack ;) )

Also check whether your settings are really taking effect, with...
Code:
core set verbose 0
core set debug 0
sip show settings
sip show peer [Peername oder Nummer]
 
So I have changed the lines....

and here is the sip show settings
Code:
Global Settings:
----------------
  UDP Bindaddress:        [IPvomServer]:5060
  TCP SIP Bindaddress:    Disabled
  TLS SIP Bindaddress:    Disabled
  Videosupport:           No
  Textsupport:            No
  Ignore SDP sess. ver.:  No
  AutoCreate Peer:        Off
  Match Auth Username:    No
  Allow unknown access:   No
  Allow subscriptions:    Yes
  Allow overlap dialing:  Yes
  Allow promisc. redir:   No
  Enable call counters:   Yes
  SIP domain support:     No
  Path support :          No
  Realm. auth:            No
  Our auth realm          pi3
  Use domains as realms:  No
  Call to non-local dom.: Yes
  URI user is phone no:   No
  Always auth rejects:    Yes
  Direct RTP setup:       No
  User Agent:             Asterisk PBX 13.14.1~dfsg-2+deb9u3
  SDP Session Name:       Asterisk PBX 13.14.1~dfsg-2+deb9u3
  SDP Owner Name:         root
  Reg. context:           (not set)
  Regexten on Qualify:    No
  Trust RPID:             No
  Send RPID:              No
  Legacy userfield parse: No
  Send Diversion:         Yes
  Caller ID:              asterisk
  From: Domain:
  Record SIP history:     Off
  Auth. Failure Events:   Off
  T.38 support:           No
  T.38 EC mode:           Unknown
  T.38 MaxDtgrm:          4294967295
  SIP realtime:           Enabled
  Qualify Freq :          60000 ms
  Q.850 Reason header:    No
  Store SIP_CAUSE:        No

Network QoS Settings:
---------------------------
  IP ToS SIP:             CS0
  IP ToS RTP audio:       CS0
  IP ToS RTP video:       CS0
  IP ToS RTP text:        CS0
  802.1p CoS SIP:         4
  802.1p CoS RTP audio:   5
  802.1p CoS RTP video:   6
  802.1p CoS RTP text:    5
  Jitterbuffer enabled:   No

Network Settings:
---------------------------
  SIP address remapping:  Disabled, no localnet list
  Externhost:             <none>
  Externaddr:             (null)
  Externrefresh:          10

Global Signalling Settings:
---------------------------
  Codecs:                 (alaw|ulaw)
  Relax DTMF:             No
  RFC2833 Compensation:   No
  Symmetric RTP:          No
  Compact SIP headers:    No
  RTP Keepalive:          0 (Disabled)
  RTP Timeout:            0 (Disabled)
  RTP Hold Timeout:       0 (Disabled)
  MWI NOTIFY mime type:   application/simple-message-summary
  DNS SRV lookup:         Yes
  Pedantic SIP support:   Yes
  Reg. min duration       60 secs
  Reg. max duration:      3600 secs
  Reg. default duration:  120 secs
  Sub. min duration       60 secs
  Sub. max duration:      3600 secs
  Outbound reg. timeout:  20 secs
  Outbound reg. attempts: 0
  Outbound reg. retry 403:No
  Notify ringing state:   Yes
    Include CID:          No
  Notify hold state:      No
  SIP Transfer mode:      open
  Max Call Bitrate:       384 kbps
  Auto-Framing:           No
  Outb. proxy:            <not set>
  Session Timers:         Accept
  Session Refresher:      uas
  Session Expires:        1800 secs
  Session Min-SE:         90 secs
  Timer T1:               500
  Timer T1 minimum:       100
  Timer B:                32000
  No premature media:     Yes
  Max forwards:           70

Default Settings:
-----------------
  Allowed transports:     UDP
  Outbound transport:     UDP
  Context:                default
  Record on feature:      automon
  Record off feature:     automon
  Force rport:            Auto (No)
  DTMF:                   rfc2833
  Qualify:                2000
  Keepalive:              0
  Use ClientCode:         No
  Progress inband:        No
  Language:               de
  Tone zone:              <Not set>
  MOH Interpret:          default
  MOH Suggest:
  Voice Mail Extension:   asterisk

Realtime SIP Settings:
----------------------
  Realtime Peers:         Yes
  Realtime Regs:          No
  Cache Friends:          Yes
  Update:                 Yes
  Ignore Reg. Expire:     No
  Save sys. name:         No
  Save path header:       No
  Auto Clear:             120 (Disabled)

----

But after a restart everything is still being displayed

Code:
[Oct  6 22:09:21] NOTICE[9820][C-000000f2]: chan_sip.c:26179 handle_request_invite: Failed to authenticate device <sip:1010@[IPvomServer]>;tag=1067487235
[Oct  6 22:09:21] WARNING[9820]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 624732862-1004154118-1364561034 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[Oct  6 22:09:21] WARNING[9820]: chan_sip.c:4130 retrans_pkt: Timeout on 1531104247-622992236-345330045 on non-critical invite transaction.
[Oct  6 22:09:21] WARNING[9820]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 85434786-1333436136-1092013386 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[Oct  6 22:09:22] NOTICE[9820][C-000000f4]: chan_sip.c:26179 handle_request_invite: Failed to authenticate device <sip:1@[IPvomServer]>;tag=2078862771
[Oct  6 22:09:23] WARNING[9820]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 701089800-451925429-1416736445 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 31999ms with no response
[Oct  6 22:09:24] WARNING[9820]: chan_sip.c:4130 retrans_pkt: Timeout on 1197455401-587115093-1221824182 on non-critical invite transaction.
[Oct  6 22:09:26] WARNING[9820]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 748003663-1211765187-208948773 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32001ms with no response
[Oct  6 22:09:27] WARNING[9820]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 1281456269-719591016-1587505977 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[Oct  6 22:09:28] WARNING[9820]: chan_sip.c:4130 retrans_pkt: Timeout on 302930385-119280837-24745559 on non-critical invite transaction.
[Oct  6 22:09:28] WARNING[9820]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 1253339840-1704249542-1473819418 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32001ms with no response
[Oct  6 22:09:28] WARNING[9820]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 1247649173-2003992535-84333911 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[Oct  6 22:09:28] NOTICE[9820][C-000000f7]: chan_sip.c:26179 handle_request_invite: Failed to authenticate device <sip:1@[IPvomServer]>;tag=1783579943
[Oct  6 22:09:29] WARNING[9820]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 246117491-172343224-1605361545 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[Oct  6 22:09:30] WARNING[9820]: chan_sip.c:4071 retrans_pkt: Retransmission timeout reached on transmission 1899720282-1770438357-289754996 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 31999ms with no response

And here is the change
Code:
[general]
allowguest=no
language=de
country=de ; New
rtcachefriends=yes
alwaysauthreject=yes
realm = pi3
port =5060
bindaddr = [IPvomServer]
;qualify = yes
disable = all
videosupport = no
disallow=all
allow=alaw
allow=ulaw
;allow=ulaw,alaw,g729,g722,ilbc,gsm
directmedia = no
;insecure=port,invite
dtmfmode = rfc2833
srvlookup = yes
 
Hello
a follow-up:
I have now added an option in logger.conf.
Now I see this in the logs and console

Code:
...
[Oct  7 00:45:27] SECURITY[15378]: res_security_log.c:116 security_event_stasis_cb: SecurityEvent="ChallengeSent",EventTV="2018-10-07T00:45:27.223+0200",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:1001@[MeineIP]",SessionID="0x5566c68d4b80",LocalAddress="IPV4/UDP/178.254.1.223/5060",RemoteAddress="IPV4/UDP/37.49.231.132/62105",Challenge="04d94e89"
...
...
If I process this in Fail2Ban with a modified string, it throws out my own IP as well... Because it is only an info! (ChallengeSent)



08.10.2018 follow-up:

I switched Warning off and Security on ...
Then I blocked 2 IP ranges from RU and CA
DROP all -- 37.49.231.0/24 anywhere
DROP all -- 185.40.4.0/24 anywhere
now it is quieter.... for the time being :)
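
Added example (not part of the thread, and not Fail2ban's or Asterisk's own code): a classifier for SECURITY log lines that illustrates the point of the last post, namely that ChallengeSent is also logged for legitimate phones and so cannot be a ban trigger on its own. It counts real failure events per remote address and, as a heuristic assumed here, also flags addresses that collect challenges without ever producing a SuccessfulAuth; function names, thresholds and sample lines are constructed.

```python
import re
from collections import defaultdict

# Security events that mean authentication actually failed.
HARD_FAILURES = {"InvalidAccountID", "InvalidPassword",
                 "ChallengeResponseFailed", "FailedACL"}
KV = re.compile(r'(\w+)="([^"]*)"')

def parse_security_line(line):
    """Return the key="value" fields of a SECURITY line plus 'ip', else None."""
    if "SECURITY[" not in line or "SecurityEvent=" not in line:
        return None
    fields = dict(KV.findall(line))
    # RemoteAddress has the form IPV4/UDP/<address>/<port>
    parts = fields.get("RemoteAddress", "").split("/")
    if len(parts) != 4:
        return None
    fields["ip"] = parts[2]
    return fields

def ban_candidates(lines, max_failures=3, max_unanswered=5):
    """Map remote address -> reason. Thresholds are assumptions, tune them."""
    stats = defaultdict(lambda: {"fail": 0, "chal": 0, "ok": 0})
    for line in lines:
        ev = parse_security_line(line)
        if ev is None:
            continue  # WARNING/NOTICE lines and malformed entries are skipped
        s = stats[ev["ip"]]
        if ev["SecurityEvent"] in HARD_FAILURES:
            s["fail"] += 1
        elif ev["SecurityEvent"] == "ChallengeSent":
            s["chal"] += 1  # informational: every digest login starts with one
        elif ev["SecurityEvent"] == "SuccessfulAuth":
            s["ok"] += 1
    out = {}
    for ip, s in stats.items():
        if s["fail"] >= max_failures:
            out[ip] = "auth failures"
        elif s["ok"] == 0 and s["chal"] >= max_unanswered:
            out[ip] = "challenges never answered"
    return out

def _line(event, ip):
    # Constructed sample line in the format shown in the post above.
    return ('[Oct  7 00:45:27] SECURITY[15378]: res_security_log.c:116 '
            'security_event_stasis_cb: SecurityEvent="%s",Service="SIP",'
            'AccountID="sip:1001@192.0.2.10",'
            'RemoteAddress="IPV4/UDP/%s/5060"' % (event, ip))

# Constructed input using documentation address ranges.
SAMPLE = (
    [_line("ChallengeSent", "203.0.113.7")] * 6        # never answers the 401
    + [_line("ChallengeSent", "198.51.100.20"),
       _line("SuccessfulAuth", "198.51.100.20")] * 6   # registered phone
    + [_line("InvalidPassword", "203.0.113.99")] * 3   # wrong password
    + ["[Oct  6 20:16:49] WARNING[4090]: chan_sip.c:4130 retrans_pkt: "
       "Timeout on 1-2-3 on non-critical invite transaction."]
)

if __name__ == "__main__":
    for ip, reason in ban_candidates(SAMPLE).items():
        print(ip, reason)
```

The registered phone at 198.51.100.20 receives as many challenges as the scanner but is not flagged, because each challenge is followed by a successful authentication.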
 