Hacker in meinem Asterisk Server

Sidebar Sidebar
Upgrade 3CX to v18 and get it hosted free!
Ich will nur eingehenden Verkehr von den registrierten Providern mit eingehenden Nummern

Nachdem es mit geschlossener Firewall mit
Code: 
/etc/yate/accfile.conf:;   keepalive: Optional interval for NAT keep alive.
/etc/yate/accfile.conf:keepalive=5000
die öffnen nicht ging (manche Anrufe kamen nicht durch, udp timeout wahrsch. zu kurz) habe ich es so gelöst:

Code: 
#sipgate,iptel,netvoip
iptables -A INPUT -p udp -m udp --dport 5060 -i eth1 -s 217.10.79.9,212.79.111.155,62.65.137.0/24 -j ACCEPT
Allerdings hat das den Nachteil, dass dieser Port für NAT- Verbindungen hinter diesem Yate/Router dann nicht mehr erreichbar ist,
weil jedes Paket in der INPUT chain auf dem Router endet.

Die backup SIP- clients im LAN auf anderen ports als 5060 laufen lassen, dann matchd die rule nicht.
 
Zuletzt bearbeitet:
lagerschaden schrieb:
Ich habe noch einen weiteren Sicherheits-Aspekt, den mir ein Bekannter mitgeteilt hat: man sollte seine IP-Telephone alle mit einer festen IP versehen und diese IP auch in der sip.conf eintragen:

Code: 
[32]
callerid=32 <32>
user=32
secret=passwort

host=dynamic
deny=0.0.0.0/0.0.0.0
permit=192.168.3.59/255.255.255.255  ; hier kommt die feste IP rein und wird mit 4x255 "verriegelt"
type=friend
context=buero
Zum Vergrößern anklicken....

Wenn man das Subnet vom LAN einträgt, reicht das genauso.

Ich habe ansonsten ein Script welches dynamisch die iptables Einträge anpasst weil die IP Adressen von den Providern sich ja ändern können. Sowohl INPUT als auch OUTPUT Chain ist notwendig.
 
Hallo,

habe in der sip.conf den eintrag gemacht,

[general]
allowguest=no

bei mir kommt aber immernoch .... anonyme tel versuche ....

2016-11-17 08:55:59
1479369359.89001Hangups [from-trunk]ANSWERED00:21
2016-11-17 08:53:451479369225.7301Answers [from-trunk]ANSWERED00:00

Log:

Code: 
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [90810972599362540@from-sip-external:1] NoOp("SIP/91.64.147.180-00000005", "Received incoming SIP connection from unknown peer to 90810972599362540") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [90810972599362540@from-sip-external:2] Set("SIP/91.64.147.180-00000005", "DID=90810972599362540") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [90810972599362540@from-sip-external:3] Goto("SIP/91.64.147.180-00000005", "s,1") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx_builtins.c: Goto (from-sip-external,s,1)
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [s@from-sip-external:1] GotoIf("SIP/91.64.147.180-00000005", "1?checklang:noanonymous") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx_builtins.c: Goto (from-sip-external,s,2)
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [s@from-sip-external:2] GotoIf("SIP/91.64.147.180-00000005", "1?setlanguage:from-trunk,90810972599362540,1") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx_builtins.c: Goto (from-sip-external,s,3)
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [s@from-sip-external:3] Set("SIP/91.64.147.180-00000005", "CHANNEL(language)=de") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [s@from-sip-external:4] Goto("SIP/91.64.147.180-00000005", "from-trunk,90810972599362540,1") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx_builtins.c: Goto (from-trunk,90810972599362540,1)
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [90810972599362540@from-trunk:1] Set("SIP/91.64.147.180-00000005", "__FROM_DID=90810972599362540") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [90810972599362540@from-trunk:2] NoOp("SIP/91.64.147.180-00000005", "Received an unknown call with DID set to 90810972599362540") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [90810972599362540@from-trunk:3] Goto("SIP/91.64.147.180-00000005", "s,a2") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx_builtins.c: Goto (from-trunk,s,2)
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [s@from-trunk:2] Answer("SIP/91.64.147.180-00000005", "") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Spawn extension (from-trunk, s, 2) exited non-zero on 'SIP/91.64.147.180-00000005'
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [h@from-trunk:1] Macro("SIP/91.64.147.180-00000005", "hangupcall,") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [s@macro-hangupcall:1] GotoIf("SIP/91.64.147.180-00000005", "1?theend") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx_builtins.c: Goto (macro-hangupcall,s,3)
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [s@macro-hangupcall:3] ExecIf("SIP/91.64.147.180-00000005", "0?Set(CDR(recordingfile)=)") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Executing [s@macro-hangupcall:4] Hangup("SIP/91.64.147.180-00000005", "") in new stack
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003]  app_macro.c: Spawn extension (macro-hangupcall, s, 4) exited non-zero  on 'SIP/91.64.147.180-00000005' in macro 'hangupcall'
[2016-11-17 08:53:45] VERBOSE[4477][C-00000003] pbx.c: Spawn extension (from-trunk, h, 1) exited non-zero on 'SIP/91.64.147.180-00000005'
[2016-11-17 08:53:50] VERBOSE[2603] chan_sip.c: Unregistered SIP '1001'
[2016-11-17 08:55:59] VERBOSE[2603][C-00000004] netsock2.c: Using SIP VIDEO TOS bits 136
[2016-11-17 08:55:59] VERBOSE[2603][C-00000004] netsock2.c: Using SIP VIDEO CoS mark 6
[2016-11-17 08:55:59] VERBOSE[2603][C-00000004] netsock2.c: Using SIP RTP TOS bits 184
[2016-11-17 08:55:59] VERBOSE[2603][C-00000004] netsock2.c: Using SIP RTP CoS mark 5
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx.c: Executing [900441970868554@from-sip-external:1] NoOp("SIP/91.64.147.180-00000006", "Received incoming SIP connection from unknown peer to 900441970868554") in new stack
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx.c: Executing [900441970868554@from-sip-external:2] Set("SIP/91.64.147.180-00000006", "DID=900441970868554") in new stack
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx.c: Executing [900441970868554@from-sip-external:3] Goto("SIP/91.64.147.180-00000006", "s,1") in new stack
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx_builtins.c: Goto (from-sip-external,s,1)
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx.c: Executing [s@from-sip-external:1] GotoIf("SIP/91.64.147.180-00000006", "1?checklang:noanonymous") in new stack
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx_builtins.c: Goto (from-sip-external,s,2)
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx.c: Executing [s@from-sip-external:2] GotoIf("SIP/91.64.147.180-00000006", "1?setlanguage:from-trunk,900441970868554,1") in new stack
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx_builtins.c: Goto (from-sip-external,s,3)
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx.c: Executing [s@from-sip-external:3] Set("SIP/91.64.147.180-00000006", "CHANNEL(language)=de") in new stack
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx.c: Executing [s@from-sip-external:4] Goto("SIP/91.64.147.180-00000006", "from-trunk,900441970868554,1") in new stack
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx_builtins.c: Goto (from-trunk,900441970868554,1)
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx.c: Executing [900441970868554@from-trunk:1] Set("SIP/91.64.147.180-00000006", "__FROM_DID=900441970868554") in new stack
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx.c: Executing [900441970868554@from-trunk:2] NoOp("SIP/91.64.147.180-00000006", "Received an unknown call with DID set to 900441970868554") in new stack
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx.c: Executing [900441970868554@from-trunk:3] Goto("SIP/91.64.147.180-00000006", "s,a2") in new stack
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx_builtins.c: Goto (from-trunk,s,2)
[2016-11-17 08:55:59] VERBOSE[4687][C-00000004] pbx.c: Executing [s@from-trunk:2] Answer("SIP/91.64.147.180-00000006", "") in new stack
[2016-11-17  08:56:00] VERBOSE[4687][C-00000004] pbx.c: Executing [s@from-trunk:3]  Log("SIP/91.64.147.180-00000006", "WARNING,Friendly Scanner from  209.222.99.210") in new stack
[2016-11-17 08:56:00] WARNING[4687][C-00000004] Ext. s: Friendly Scanner from 209.222.99.210
[2016-11-17 08:56:00] VERBOSE[4687][C-00000004] pbx.c: Executing [s@from-trunk:4] Wait("SIP/91.64.147.180-00000006", "2") in new stack
[2016-11-17 08:56:02] VERBOSE[4687][C-00000004] pbx.c: Executing [s@from-trunk:5] Playback("SIP/91.64.147.180-00000006", "ss-noservice") in new stack
[2016-11-17 08:56:02] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'ss-noservice.slin16' (language 'de')
[2016-11-17 08:56:08] VERBOSE[4687][C-00000004] pbx.c: Executing [s@from-trunk:6] SayAlpha("SIP/91.64.147.180-00000006", "900441970868554") in new stack
[2016-11-17 08:56:08] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/9.slin16' (language 'de')
[2016-11-17 08:56:09] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/0.slin16' (language 'de')
[2016-11-17 08:56:09] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/0.slin16' (language 'de')
[2016-11-17 08:56:10] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/4.slin16' (language 'de')
[2016-11-17 08:56:11] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/4.slin16' (language 'de')
[2016-11-17 08:56:12] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/1.slin16' (language 'de')
[2016-11-17 08:56:13] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/9.slin16' (language 'de')
[2016-11-17 08:56:14] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/7.slin16' (language 'de')
[2016-11-17 08:56:14] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/0.slin16' (language 'de')
[2016-11-17 08:56:15] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/8.slin16' (language 'de')
[2016-11-17 08:56:16] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/6.slin16' (language 'de')
[2016-11-17 08:56:17] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/8.slin16' (language 'de')
[2016-11-17 08:56:18] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/5.slin16' (language 'de')
[2016-11-17 08:56:19] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/5.slin16' (language 'de')
[2016-11-17 08:56:19] VERBOSE[4687][C-00000004] file.c: <SIP/91.64.147.180-00000006> Playing 'digits/4.slin16' (language 'de')
[2016-11-17 08:56:20] VERBOSE[4687][C-00000004] pbx.c: Executing [s@from-trunk:7] Hangup("SIP/91.64.147.180-00000006", "") in new stack
[2016-11-17 08:56:20] VERBOSE[4687][C-00000004] pbx.c: Spawn extension (from-trunk, s, 7) exited non-zero on 'SIP/91.64.147.180-00000006'
[2016-11-17 08:56:20] VERBOSE[4687][C-00000004] pbx.c: Executing [h@from-trunk:1] Macro("SIP/91.64.147.180-00000006", "hangupcall,") in new stack
[2016-11-17 08:56:20] VERBOSE[4687][C-00000004] pbx.c: Executing [s@macro-hangupcall:1] GotoIf("SIP/91.64.147.180-00000006", "1?theend") in new stack
[2016-11-17 08:56:20] VERBOSE[4687][C-00000004] pbx_builtins.c: Goto (macro-hangupcall,s,3)
[2016-11-17 08:56:20] VERBOSE[4687][C-00000004] pbx.c: Executing [s@macro-hangupcall:3] ExecIf("SIP/91.64.147.180-00000006", "0?Set(CDR(recordingfile)=)") in new stack
[2016-11-17 08:56:20] VERBOSE[4687][C-00000004] pbx.c: Executing [s@macro-hangupcall:4] Hangup("SIP/91.64.147.180-00000006", "") in new stack
[2016-11-17 08:56:20] VERBOSE[4687][C-00000004]  app_macro.c: Spawn extension (macro-hangupcall, s, 4) exited non-zero  on 'SIP/91.64.147.180-00000006' in macro 'hangupcall'
[2016-11-17 08:56:20] VERBOSE[4687][C-00000004] pbx.c: Spawn extension (from-trunk, h, 1) exited non-zero on 'SIP/91.64.147.180-00000006'
[2016-11-17  08:56:31] WARNING[2603] chan_sip.c: Retransmission timeout reached on  transmission b6d6b17f20a1ceb68952e2f7a9c0567b for seqno 1 (Critical  Response) -- See  https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
[2016-11-17 08:56:38] VERBOSE[2517] asterisk.c: Remote UNIX connection
[2016-11-17 08:56:38] VERBOSE[5521] asterisk.c: Remote UNIX connection disconnected
[2016-11-17 08:56:38] VERBOSE[2517] asterisk.c: Remote UNIX connection
[2016-11-17 08:56:38] VERBOSE[5523] asterisk.c: Remote UNIX connection disconnected
[2016-11-17 08:58:18] VERBOSE[4341] asterisk.c: Remote UNIX connection disconnected

Was mache ich Falsch ?

Danke
Gruß
Tommy
 
Zuletzt bearbeitet:
Um antworten zu können musst du eingeloggt sein.

Zurzeit aktive Besucher

Gesamt: 816 (Mitglieder: 50, Gäste: 766)

Neueste Beiträge

Statistik des Forums

Themen
246,167
Beiträge
2,247,362
Mitglieder
373,712
Neuestes Mitglied
Bigtorsti
Holen Sie sich 3CX - völlig kostenlos!
Verbinden Sie Ihr Team und Ihre Kunden Telefonie Livechat Videokonferenzen

Gehostet oder selbst-verwaltet. Für bis zu 10 Nutzer dauerhaft kostenlos. Keine Kreditkartendetails erforderlich. Ohne Risiko testen.

3CX
Für diese E-Mail-Adresse besteht bereits ein 3CX-Konto. Sie werden zum Kundenportal weitergeleitet, wo Sie sich anmelden oder Ihr Passwort zurücksetzen können, falls Sie dieses vergessen haben.
Ihr E-Mail-Adresse verifizieren

Ihr E-Mail-Adresse verifizieren

Wir haben Ihnen eine E-Mail geschickt. Klicken Sie auf die Schaltfläche im E-Mail-Text, um Ihre E-Mail-Adresse zu verifizieren – (Können Sie diese nicht finden können, dann überprüfen Sie Ihren Spam-Ordner).

IPPF im Überblick

Neueste Beiträge

Direktlinks Telefonanlage

Website-Sponsoren

3CX sponsor
KONTAKTIEREN SIE UNS BEI INTERESSE
| Style by ThemeHouse
XenPorta 2 PRO © Jason Axelrod of 8WAYRUN
Oben Unten
Zurück