Hacking on my Asterisk server results in arbitrary ringing of extensions despite having implemented the following security settings:
- alwaysauthreject=yes
- allowguest=no
- deny=0.0.0.0/0.0.0.0 with allow=…/… for dedicated IP-ranges (as a consequence the access to our Asterisk server is not possible from unknown WiFi networks, e.g. hotels, etc.)
- Fail2ban (which is kicking in several times a day, which means the setup is basically working)
Despite these settings I still get “phantom extension rings”. I also seem not to be able to find any records of these calls/rings in any logs. The only trace I can find is when showing channels:
```
memo*CLI> sip show channels
Peer             User/ANR         Call ID          Format           Hold     Last Message    Expiry     Peer
217.79.190.22    2001             bd9a47104d25944  (nothing)        No       Rx: INVITE                 <guest>
158.69.244.73    200200           16144c79e111651  (nothing)        No       Rx: INVITE                 <guest>
217.79.190.22    2001             73399cda44c1573  (nothing)        No       Rx: INVITE                 <guest>
4 active SIP dialogs
[2016-12-22 08:57:05] WARNING[31042]: chan_sip.c:3906 __sip_xmit: sip_xmit of 0x7f16340379e0 (len 941) to 153.222.91.97:34576 returned -2: Success
[2016-12-22 08:57:19] WARNING[31042]: chan_sip.c:3906 __sip_xmit: sip_xmit of 0x7f16340379e0 (len 941) to 153.222.91.97:34576 returned -2: Success
[2016-12-22 08:57:33] WARNING[31042]: chan_sip.c:3906 __sip_xmit: sip_xmit of 0x7f16340379e0 (len 941) to 153.222.91.97:34576 returned -2: Success
[2016-12-22 08:57:47] WARNING[31042]: chan_sip.c:3906 __sip_xmit: sip_xmit of 0x7f16340379e0 (len 941) to 153.222.91.97:34576 returned -2: Success
```
These listed IP numbers should not have access to the system! Why is it still possible? I suppose that the access also allows for ringing the extensions. What can I do to prevent such unauthorized access?
Any suggestions what I could do?
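
An added example (not part of the original post and not Asterisk's own code): Python that parses the `sip show channels` output shown above and groups dialogs by source address when the address lies outside the permitted ranges or the peer column shows `<guest>`. The networks in `ALLOWED_RANGES` are placeholder documentation ranges standing in for the elided ranges in the post, and the `192.0.2.10` row in the sample is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: stand-ins for the post's elided "dedicated IP ranges" (RFC 5737 documentation nets).
ALLOWED_RANGES = ["192.0.2.0/24", "198.51.100.0/24"]

# The first three rows are the ones quoted in the post; the 192.0.2.10 row is constructed.
SAMPLE = """\
Peer             User/ANR         Call ID          Format           Hold     Last Message    Expiry     Peer
217.79.190.22    2001             bd9a47104d25944  (nothing)        No       Rx: INVITE                 <guest>
158.69.244.73    200200           16144c79e111651  (nothing)        No       Rx: INVITE                 <guest>
217.79.190.22    2001             73399cda44c1573  (nothing)        No       Rx: INVITE                 <guest>
192.0.2.10       1001             0123456789abcde  (ulaw)           No       Tx: ACK                    1001
4 active SIP dialogs
"""

LAST_MSG = re.compile(r"\b([RT]x: \S+)")


def parse_channels(text):
    """Yield one dict per dialog row of `sip show channels` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # header, summary line or CLI prompt
        msg = LAST_MSG.search(line)
        yield {"ip": ip, "user": fields[1], "call_id": fields[2],
               "last_msg": msg.group(1) if msg else "", "peer": fields[-1]}


def unexpected_dialogs(text, allowed=ALLOWED_RANGES):
    """Group dialogs by source IP when the IP is outside `allowed` or the peer is <guest>."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    report = defaultdict(list)
    for row in parse_channels(text):
        outside = not any(row["ip"] in net for net in nets)
        if outside or row["peer"] == "<guest>":
            report[str(row["ip"])].append((row["user"], row["last_msg"], row["peer"]))
    return dict(report)


if __name__ == "__main__":
    for ip, dialogs in unexpected_dialogs(SAMPLE).items():
        print(f"{ip}: {len(dialogs)} dialog(s), targets {sorted({d[0] for d in dialogs})}")
```

Comparing the flagged addresses with the Fail2ban ban list and the host firewall rules shows which sources reach chan_sip without ever being banned.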