CLI shows errors which I have no idea about

[2021-09-08 18:57:39] WARNING[18277][C-00000020]: Ext. s:7 @ from-sip-external: “Rejecting unknown SIP connection from 45.134.144.106”
[2021-09-08 18:57:41] NOTICE[17761]: chan_sip.c:29029 handle_request_register: Registration from ‘sip:9817@143.244.175.208’ failed for ‘185.108.106.103:56599’ - Wrong password
[2021-09-08 18:57:41] WARNING[17761]: chan_sip.c:4126 retrans_pkt: Retransmission timeout reached on transmission 1025142342-1986805373-952715359 for seqno 1 (Critical Response) – See SIP Retransmissions - Asterisk Project - Asterisk Project Wiki
Packet timed out after 32000ms with no response
[2021-09-08 18:57:49] WARNING[18278][C-00000021]: Ext. s:7 @ from-sip-external: “Rejecting unknown SIP connection from 45.134.144.106”
[2021-09-08 18:57:51] WARNING[17761]: chan_sip.c:4126 retrans_pkt: Retransmission timeout reached on transmission 1309705283-1231666481-392429381 for seqno 1 (Critical Response) – See SIP Retransmissions - Asterisk Project - Asterisk Project Wiki
Packet timed out after 31999ms with no response
[2021-09-08 18:57:53] NOTICE[17761]: chan_sip.c:29029 handle_request_register: Registration from ‘sip:1004@143.244.175.208’ failed for ‘152.89.163.230:58153’ - Wrong password

I don't know any of these IPs (152.89.163.230) at all. What are these and what's happening?

Strange behaviour from unknown addresses simply means your Asterisk is exposed to the internet. Do you need it to be exposed to all addresses, or could you just whitelist your service provider? You can also get a reduction by using a non-standard port number.

You could also use something like fail2ban to automatically blacklist failing peers, to rate limit the attacks.

So you mean it's exposed to hacking or something?

Yes, I can allow just whitelisted IPs, but it's a stock installation; nothing is touched or edited. Yet it can act like that?

They haven’t succeeded, or at least not within that log. The bad password and unknown connection are failed attempts.

Any time you expose port 5060 to the internet, people will try guessing numbers and passwords with the intent of making premium rate calls to numbers from which they earn revenue. The first attack will be within minutes, and if they get responses they will start searching for weak accounts.
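The fail2ban-style counting suggested earlier in the thread, sketched as an added example (not part of the original posts and not fail2ban's own code): it flags source addresses that produce repeated "Wrong password" or "unknown SIP connection" lines inside a time window. The log lines are constructed with documentation-range addresses, and the names `parse_failure`, `sources_to_block`, `max_retry`, `find_time` and `allowlist` are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Match the two failure messages seen in the log; pasted logs may carry typographic quotes.
QUOTE = "['\u2018\u2019]"
IPV4 = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
STAMP = r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\].*"
PATTERNS = [
    re.compile(STAMP + "failed for " + QUOTE + IPV4 + r"(?::\d+)?" + QUOTE + " - Wrong password"),
    re.compile(STAMP + "Rejecting unknown SIP connection from " + IPV4),
]

def parse_failure(line):
    """Return (timestamp, source_ip) for a failed attempt, else None."""
    for pattern in PATTERNS:
        m = pattern.search(line)
        if m:
            return datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"]
    return None

def sources_to_block(lines, max_retry=3, find_time=60, allowlist=()):
    """IPs with at least max_retry failures inside any find_time-second window."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    flagged = set()
    window = timedelta(seconds=find_time)
    for line in lines:
        hit = parse_failure(line)
        if hit is None or hit[1] in allowlist:   # never flag e.g. the SIP provider
            continue
        ts, ip = hit
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:                # drop attempts older than the window
            q.popleft()
        if len(q) >= max_retry:
            flagged.add(ip)
    return sorted(flagged)

# Constructed sample lines in the format shown above (documentation-range IPs).
SAMPLE_LOG = [
    '[2021-09-08 18:57:39] WARNING[18277][C-00000020]: Ext. s:7 @ from-sip-external: "Rejecting unknown SIP connection from 203.0.113.10"',
    "[2021-09-08 18:57:41] NOTICE[17761]: chan_sip.c:29029 handle_request_register: Registration from 'sip:9817@192.0.2.1' failed for '198.51.100.7:56599' - Wrong password",
    '[2021-09-08 18:57:49] WARNING[18278][C-00000021]: Ext. s:7 @ from-sip-external: "Rejecting unknown SIP connection from 203.0.113.10"',
    "[2021-09-08 18:57:53] NOTICE[17761]: chan_sip.c:29029 handle_request_register: Registration from 'sip:1004@192.0.2.1' failed for '203.0.113.10:58153' - Wrong password",
    "[2021-09-08 19:30:00] NOTICE[17761]: chan_sip.c:29029 handle_request_register: Registration from 'sip:1004@192.0.2.1' failed for '198.51.100.7:40000' - Wrong password",
    "[2021-09-08 19:30:05] NOTICE[17761]: chan_sip.c:29029 handle_request_register: Registration from 'sip:1004@192.0.2.1' failed for '198.51.100.7:40001' - Wrong password",
]
print(sources_to_block(SAMPLE_LOG))
```

The list it returns is what a firewall rule or fail2ban action would then act on; the allowlist keeps a legitimate provider address from being blocked by its own retries.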

Oh my god!!! So it's like brute-forcing?
