Debug src ip “, “Received incoming SIP connection from unknown peer to 123”) in new stack”

#1

Hey folks,
I'm checking logs on my Asterisk and we are seeing two kinds of hacking trials.

One as:
[2019-04-11 04:47:05] VERBOSE[7213][C-0000017a] pbx.c: Executing [s@from-sip-external:6] Log(“SIP/12.13.130.226-0000017a”, "WARNING,“Rejecting unknown SIP connection from 185.53.88.164"”) in new stack

and one as:

[2019-04-11 05:06:41] VERBOSE[9474][C-000001fb] pbx.c: Executing [123@from-sip-external:1] NoOp(“SIP/12.13.130.226-000001fb”, “Received incoming SIP connection from unknown peer to 123”) in new stack

Note that in the 1st one we can know the src IP of the attacker: 185.53.88.164

But in the 2nd log we see “unknown peer” and no attacker IP.

How can I debug the src IP of the attacker, so that in all cases we debug and see the src IP of who is sending calls to the server?

Thanks

0 Likes

#2

Use the security log.

0 Likes

#3

Thank you,

Just wondering why some calls come with a src IP and other calls without src IPs in the logs?

0 Likes

#4

Neither of those messages says anything other than that a dialplan step was executed. What you are reading as the message is just part of the dialplan code, and that didn’t come from Asterisk. To find the reasons for the inconsistent behaviour, you need to ask whoever wrote that code.

0 Likes

#5

Accepting unknown callers and then rejecting them in the dialplan is something that I believe FreePBX does, in which case you should ask the FreePBX people.

The advice for people using Asterisk directly would be to set allowguest=no.

0 Likes
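An added example for the "use the security log" answer in #2 (not code from any poster or from the Asterisk project): a small parser that pulls the source IP out of security-log events and counts failures per address. It assumes the security level is already being written to a file via logger.conf; the log lines, addresses and function names below are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the key="value" layout of Asterisk security events.
# Addresses are documentation ranges, not values from the thread.
SAMPLE_LOG = '''\
[2019-04-11 05:06:41] SECURITY[9474] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="1554959201-100000",Severity="Error",Service="SIP",EventVersion="1",AccountID="123",SessionID="0x7f00aa01",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.45/5071"
[2019-04-11 05:06:43] SECURITY[9474] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="1554959203-200000",Severity="Error",Service="SIP",EventVersion="1",AccountID="124",SessionID="0x7f00aa02",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.45/5071"
[2019-04-11 05:07:10] SECURITY[9474] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="1554959230-300000",Severity="Error",Service="SIP",EventVersion="1",AccountID="200",SessionID="0x7f00aa03",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5060"
[2019-04-11 05:08:00] SECURITY[9474] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="1554959280-400000",Severity="Informational",Service="SIP",EventVersion="1",AccountID="201",SessionID="0x7f00aa04",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/192.0.2.50/5060"
[2019-04-11 05:06:41] VERBOSE[9474][C-000001fb] pbx.c: Executing [123@from-sip-external:1] NoOp("SIP/192.0.2.10-000001fb", "Received incoming SIP connection from unknown peer to 123") in new stack
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """Return the key/value fields of one SECURITY line, or None for any other line."""
    if "SECURITY[" not in line or "SecurityEvent=" not in line:
        return None
    return dict(FIELD_RE.findall(line))


def remote_ip(event):
    """RemoteAddress looks like IPV4/UDP/203.0.113.45/5071; return only the IP part."""
    parts = event.get("RemoteAddress", "").split("/")
    return parts[2] if len(parts) == 4 else None


def failures_by_source(log_text, severity="Error"):
    """Count events of the given severity per (source IP, event name)."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_event(line)
        if event and event.get("Severity") == severity:
            ip = remote_ip(event)
            if ip:
                counts[(ip, event["SecurityEvent"])] += 1
    return counts


if __name__ == "__main__":
    for (ip, name), n in failures_by_source(SAMPLE_LOG).most_common():
        print(f"{ip:15} {name:24} {n}")
```

Unlike the VERBOSE dialplan lines quoted in #1, every security event carries a RemoteAddress field, so the source IP is available regardless of what the dialplan chooses to print.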