A SIP register hacker!?

It looks like somebody is trying to register with my PBX!

My IP, but edited to = 111.111.111.111
Probably the hacker = 62.216.189.249

[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"4260759430"<sip:4260759430@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"3385336812"<sip:3385336812@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"test"<sip:test@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"test123"<sip:test123@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"test12"<sip:test12@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"guest"<sip:guest@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"admin"<sip:admin@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"administrator"<sip:administrator@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"account"<sip:account@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"mark"<sip:mark@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"michael"<sip:michael@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"alex"<sip:alex@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"test1"<sip:test1@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"root"<sip:root@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"asterisk"<sip:asterisk@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"temp"<sip:temp@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from '"1"<sip:1@111.111.111.111>' failed for '62.216.189.249' - No matching peer found
... ... ...

This goes on and on and on, sip:2@111.111.111.111, sip:3@111.111.111.111, sip:4@111.111.111.111

and at 9999 it ends!

As I can see they could not register at all, but I don’t like this kind of error in my log files!

The funny thing is that I have ext 6000 - 6010 that I use to register with, locally on my private network and also from the internet, but in the log file I got the same error msg for them - No matching peer found!

I’m using fail2ban-0.8.3, but I’m not sure that it noticed this?

Does somebody know where I can find info on how to prevent this, and/or a good installation/config guide for fail2ban?

I know there are people trying to make calls off other people’s Asterisk servers, being that a lot of people do not know security with Asterisk. If your Asterisk configurations are correct you should not have an issue.

I have never used fail2ban so I can’t help you out there :wink:

Thanks for your reply!

I think my Asterisk is pretty secure, but I don’t like that kind of thing in my log files!

However secure the box is, you might have forgotten something!
I just want to secure it as well as possible!

I will look for more info on fail2ban.
I think that one is pretty good when you got it up and running!
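Added example, not part of the original thread: a small Python check that parses the chan_sip "Registration from ... failed for ..." notices quoted above and separates a host cycling through many usernames from a single phone that keeps failing on one extension. The sample lines are constructed in the thread's format, and the threshold `max_users` and the 192.0.2.10 host are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the chan_sip registration-failure notice format quoted in the thread.
FAILED_REG = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+NOTICE\[\d+\]\s+chan_sip\.c:\s+"
    r"Registration from '(?P<sender>.*)' failed for '(?P<host>[^']+)'"
    r"\s+-\s+(?P<reason>.+)$"
)
# Pulls the user part out of the <sip:user@domain> URI in the From value.
SIP_USER = re.compile(r"<sip:(?P<user>[^@>]+)@")


def parse_line(line):
    """Return a dict for a failed-registration notice, or None for other lines."""
    m = FAILED_REG.match(line.strip())
    if not m:
        return None
    u = SIP_USER.search(m.group("sender"))
    return {
        "ts": m.group("ts"),
        "host": m.group("host"),
        "user": u.group("user") if u else None,
        "reason": m.group("reason"),
    }


def find_scanners(lines, max_users=5):
    """Map each host that tried more than max_users distinct usernames
    to the sorted list of usernames it tried."""
    tried = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["user"]:
            tried[rec["host"]].add(rec["user"])
    return {h: sorted(u) for h, u in tried.items() if len(u) > max_users}


def _sample(user, host):
    # Constructed log line in the same format as the ones in the thread.
    return ("[May 6 04:52:54] NOTICE[24916] chan_sip.c: Registration from "
            f"'\"{user}\"<sip:{user}@111.111.111.111>' failed for '{host}'"
            " - No matching peer found")


# Constructed input: one host enumerating names, one phone retrying extension 6001.
SAMPLE = [_sample(u, "62.216.189.249")
          for u in ("test", "admin", "root", "guest", "1", "2")]
SAMPLE += [_sample("6001", "192.0.2.10")] * 2

if __name__ == "__main__":
    for host, users in find_scanners(SAMPLE).items():
        print(f"{host} tried {len(users)} usernames: {', '.join(users)}")
```

Counting distinct usernames per source, rather than raw failures, keeps a misconfigured local extension from being treated the same way as a scan.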