How to stop unknown Requests from My Asterisk to Others

Hello Asterisk community.

I’m here to get the help from you.

I installed Asterisk-18.20.6 on my Ubuntu22.04 and running on it.

After configuration of pjsip.conf, from the AsteriskCLI, I can see this screen.

Very uncomfortable to control Asterisk. Please help me fix this issue.

Thank you in advance.

There is no screen, and we prefer to have the plain text, ideally from a log file, or failing that, as a screen scrape.

I can’t really hazard a guess at what you are seeing.

what is your server 's ip address ?

not sure, but i think this request sent to your server, not from your server

This is traffic from sipvicious. It’s an auditing and testing tool for SIP (but of course bad guys also like to use it to find vulnerable accounts or servers).
So if it’s not yourself who is playing around here with that tool, you should harden your network and your asterisk server.

Thank you for your reply.

But how to do what you said?
I am asking this.

Thank you.

Maybe that’s not important.

Like I posted, I can see unknown requests from my server or others.

If you run any kind of public facing SIP on standard ports then you are going to be poked. The script-kiddies want to exploit your server.

What you need is to:

first, make sure your configurations are secure and you’re not leaving a default back door open…
then, use a mechanism to blacklist attackers.

A couple of years ago I wrote some documentation on how to set up a free blacklisting service. However it assumes some knowledge of shell scripting:

The other alternative is if you’re using the PBX internally and only have outside trunks coming in, lock your firewall to those trunk IPs. So like 5060 on my connection will only talk to my provider’s server and no one else.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.