Incoming call flood

Today I’m constantly getting these messages:

== Using SIP RTP CoS mark 5
[Jan 8 12:26:28] NOTICE[20791][C-00000007]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5088) to extension '972597966348' rejected because extension not found in context 'chiamate-ingresso'.
== Using SIP RTP CoS mark 5
[Jan 8 12:26:35] NOTICE[20791][C-00000008]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5093) to extension '9810972597966348' rejected because extension not found in context 'chiamate-ingresso'.
== Using SIP RTP CoS mark 5
[Jan 8 12:26:48] NOTICE[20791][C-00000009]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5073) to extension '1801972597966348' rejected because extension not found in context 'chiamate-ingresso'.
== Using SIP RTP CoS mark 5
[Jan 8 12:26:59] NOTICE[20791][C-0000000a]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5084) to extension '812972597966348' rejected because extension not found in context 'chiamate-ingresso'.
== Using SIP RTP CoS mark 5
[Jan 8 12:27:08] NOTICE[20791][C-0000000b]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5094) to extension '811972597966348' rejected because extension not found in context 'chiamate-ingresso'.
== Using SIP RTP CoS mark 5
[Jan 8 12:27:18] NOTICE[20791][C-0000000c]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5081) to extension '00972597966348' rejected because extension not found in context 'chiamate-ingresso'.
== Using SIP RTP CoS mark 5
[Jan 8 12:43:16] NOTICE[20791][C-0000000d]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5092) to extension '972597966348' rejected because extension not found in context 'chiamate-ingresso'.
== Using SIP RTP CoS mark 5
[Jan 8 12:43:19] NOTICE[20791][C-0000000e]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5084) to extension '9810972597966348' rejected because extension not found in context 'chiamate-ingresso'.
== Using SIP RTP CoS mark 5
[Jan 8 12:43:25] NOTICE[20791][C-0000000f]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5100) to extension '1801972597966348' rejected because extension not found in context 'chiamate-ingresso'.
== Using SIP RTP CoS mark 5
[Jan 8 12:43:29] NOTICE[20791][C-00000010]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5087) to extension '812972597966348' rejected because extension not found in context 'chiamate-ingresso'.
== Using SIP RTP CoS mark 5
[Jan 8 12:43:34] NOTICE[20791][C-00000011]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5084) to extension '811972597966348' rejected because extension not found in context 'chiamate-ingresso'.
== Using SIP RTP CoS mark 5
[Jan 8 12:43:39] NOTICE[20791][C-00000012]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5084) to extension '00972597966348' rejected because extension not found in context 'chiamate-ingresso'.
== Using SIP RTP CoS mark 5

I enabled debug:

<------------>
[Jan 8 12:57:58] NOTICE[20791][C-00000017]: chan_sip.c:25136 handle_request_invite: Call from '' (212.124.121.202:5085) to extension '1801972597966348' rejected because extension not found in context 'chiamate-ingresso'.
Scheduling destruction of SIP dialog '719c17b7d75334faa2d2416d6027d1ff' in 32000 ms (Method: INVITE)
Retransmitting #1 (no NAT) to 212.124.121.202:5085:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 212.124.121.202:5085;branch=z9hG4bK-719c17b7d75334faa2d2416d6027d1ff;received=212.124.121.202;rport=5085
From: 7021<sip:7021@-------->;tag=e3583d03
To: 1801972597966348<sip:1801972597966348@------>;tag=as16adb13e
Call-ID: 719c17b7d75334faa2d2416d6027d1ff
CSeq: 1 INVITE
Server: Asterisk PBX 11.1.2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Length: 0
---

I haven’t any provider that uses this IP…
Why am I getting these messages?
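The rejected-INVITE lines in the post above can be summarised per source address to separate a scanner from an ordinary misdial. This is an added example, not part of the original thread; the sample log is constructed in the same chan_sip format, and the thresholds and function names are assumptions.

```python
import re
from collections import defaultdict
from os.path import commonprefix

# Constructed sample in the format of the chan_sip NOTICE lines quoted above;
# addresses are documentation ranges and the dialled numbers are made up.
_FMT = ("[Jan 8 12:26:{s:02d}] NOTICE[20791][C-0000000{n}]: chan_sip.c:25136 "
        "handle_request_invite: Call from '' ({ip}:{port}) to extension '{ext}' "
        "rejected because extension not found in context 'chiamate-ingresso'.")
SAMPLE_LOG = "\n".join([
    "== Using SIP RTP CoS mark 5",
    _FMT.format(s=28, n=1, ip="192.0.2.10", port=5088, ext="972500000001"),
    _FMT.format(s=35, n=2, ip="192.0.2.10", port=5093, ext="9810972500000001"),
    _FMT.format(s=41, n=3, ip="192.0.2.10", port=5073, ext="00972500000001"),
    _FMT.format(s=44, n=4, ip="198.51.100.7", port=5060, ext="2099"),
    _FMT.format(s=59, n=5, ip="192.0.2.10", port=5084, ext="811972500000001"),
])

LINE_RE = re.compile(
    r"NOTICE\[\d+\](?:\[C-[0-9a-f]+\])?: chan_sip\.c:\d+ handle_request_invite: "
    r"Call from '[^']*' \((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\) "
    r"to extension '(?P<ext>[^']*)' rejected because extension not found"
)

def summarize(log_text):
    """Return {source_ip: [dialled extension, ...]} for rejected INVITEs."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)  # search() tolerates console prefixes
        if m:
            by_ip[m["ip"]].append(m["ext"])
    return dict(by_ip)

def suspects(summary, min_rejects=3, min_distinct=2):
    """Flag sources that try several different numbers.

    Returns {ip: common_suffix}. A long shared suffix means one destination
    is being retried behind different dial-out prefixes, the pattern in the
    log above. Thresholds are assumptions; tune them to your traffic.
    """
    flagged = {}
    for ip, exts in summary.items():
        if len(exts) >= min_rejects and len(set(exts)) >= min_distinct:
            suffix = commonprefix([e[::-1] for e in exts])[::-1]
            flagged[ip] = suffix
    return flagged

if __name__ == "__main__":
    for ip, number in suspects(summarize(SAMPLE_LOG)).items():
        print(f"{ip}: repeated rejected INVITEs, common destination suffix {number!r}")
```
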

Bad Asterisk security. Set allowguest=no and use Google to check basic rules to secure your Asterisk.

A lot of the tutorials I read about how to start with Asterisk didn’t talk about it… thanks, man.

Leaving a box accessible via the SSH, GUI/HTTP, or SIP ports to unknown IPs will result in hacking in hours (a few days if you get lucky).

From experience I would suggest that a box have, at a minimum, an IPTables rule set that locks down basic access to only known IPs.

I know this doesn’t apply to any and all situations (remote phones on roving IPs, for example)… but there are workarounds (VPNs, for example).

There is no such thing as convenient security. If it’s convenient, it isn’t secure and is probably going to get compromised.

Unfortunately, tutorials are often written by people without any deep understanding, who have themselves only just got their system working. Security is probably not a measure they have used in determining their success, and turning off security mechanisms tends to make it easier to get things “working” quickly and easily (e.g. there is an option whose very name implies a security risk (insecure), but for which the formula that most people advocate (because iTSPs suggest it) is to set it maximally insecure, when only one of the security options needs to be relaxed).

I changed the SSH port, and I don’t have any web server, but as you said, I need to connect with my mobile from anywhere, and I can’t have a static IP outside…
How can I use a VPN? Is it possible to use it on CentOS with OpenVPN on my remote server? Or do I need a device like a hardware firewall at home to set up a VPN connection?

Yesterday I was reading an article about SRV records, but I didn’t understand how to configure Asterisk and how it helps security. I set the SRV record of my domain to _sip._upd.mydomain.tld, with the mydomain.tld A record set to the IP of my Asterisk server. Now what should I do to make it work?

I read that it’s suggested to choose a username different from the extension, but how can I change this rule exten => _2XXX,1,Dial(SIP/${EXTEN},180,TtKkXx) to avoid writing an extension for each username?
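Three points raised in this thread (allowguest, an insecure option relaxed on more than one check, and SIP usernames identical to extension numbers) can be checked mechanically against a sip.conf. This is an added example, not code from the thread or from Asterisk; the sample configuration, peer names and function names are constructed for illustration.

```python
# Constructed sip.conf for illustration; peer names and secrets are made up.
SAMPLE_SIP_CONF = """\
[general]
context=chiamate-ingresso
; allowguest is not set, so chan_sip falls back to its default (yes)

[2001]
type=friend
secret=example-only
host=dynamic

[itsp-trunk]
type=peer
host=sip.example.net
insecure=port,invite   ; both checks relaxed
"""

def parse_conf(text):
    """Minimal Asterisk .conf reader: sections, key=value, ';' comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")]
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # "key => value" is also valid Asterisk syntax, hence lstrip(">")
            sections[current][key.strip().lower()] = value.strip().lstrip(">").strip()
    return sections

def audit(text):
    """Return a list of (section, finding) tuples for the three checks."""
    conf = parse_conf(text)
    findings = []
    # chan_sip accepts guest calls unless allowguest is explicitly 'no'.
    if conf.get("general", {}).get("allowguest", "yes").lower() != "no":
        findings.append(("general", "allowguest is not 'no': unauthenticated INVITEs reach the dialplan"))
    for name, opts in conf.items():
        if name == "general":
            continue
        relaxed = {o.strip() for o in opts.get("insecure", "no").lower().split(",")}
        if {"port", "invite"} <= relaxed:
            findings.append((name, "insecure relaxes both the port and the invite check"))
        if name.isdigit():
            findings.append((name, "peer name equals its extension number"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_SIP_CONF):
        print(f"[{section}] {finding}")
```
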