Millions of notices

Hello,
i’m a newbie in asterisk. my asterisk got stucked and i will be happy with any help.
last friday i tried to configure a GoTrunk SIP account in asterisk following to the provider instructions, but failed.
today i wanted to check what is wrong - modified sip.conf and extension.conf, delete the provider setting and paste them again and so on, but suddenly asterisk started to output infinite chain of notice messages:

[Apr 19 18:33:20] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:20] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:20] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password
[Apr 19 18:33:21] NOTICE[2602]: chan_sip.c:28633 handle_request_register: Registration from '"903" <sip:903@45.83.42.184>' failed for '45.143.220.13:6716' - Wrong password

and so on, couple each seconds. now i can’t do anything in asterisk, because now all the CLI outputs flying up immediately.
i deleted sip.conf, and extension.conf, reload them but nothing changed.
i tried to remove asterisk completely, deleted all it’s setting, and reinstall it again couple of times, reboot the server before, after and in the middle of the reinstall but nothing help.

from where comes those registeraions ?? how can i remove them?
thanks, itamar

you are being hacked do you have a firewall in place ?
try working only with a white list if possible

fail2ban installed ?

thanks for your help!
I installed fail2ban, and set ufw to allow 5060/udp and 10000:20000/udp, and now all those notices stopped.
but i still got some notices about unknown invites and retransmissions timeouts:

[Apr 20 12:58:12] WARNING[2665]: chan_sip.c:4072 retrans_pkt: Retransmission timeout reached on transmission 1363595747-725759896-1276807919 for seqno 1 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
  == Using SIP RTP CoS mark 5
       > 0x5625a645a860 -- Strict RTP learning after remote address set to: 192.168.1.83:25282
[Apr 20 12:58:23] NOTICE[2665][C-00000018]: chan_sip.c:26407 handle_request_invite: Call from '' (67.205.141.172:64898) to extension '50046462607520' rejected because extension not found in context 'public'.
  == Using SIP RTP CoS mark 5
       > 0x5625a648ef00 -- Strict RTP learning after remote address set to: 192.168.1.83:25282
[Apr 20 12:58:24] NOTICE[2665][C-00000019]: chan_sip.c:26407 handle_request_invite: Call from '' (142.93.193.47:60071) to extension '40046406820514' rejected because extension not found in context 'public'.

with sip debug sets on i got:

Retransmitting #8 (no NAT) to 142.93.193.47:57397:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 142.93.193.47:57397;branch=z9hG4bK1749432700;received=142.93.193.47
From: <sip:6051@45.83.42.184>;tag=482174237
To: <sip:70046406820514@45.83.42.184>;tag=as1c3fd429
Call-ID: 172420556-1769710315-1501745644
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---
Retransmitting #7 (no NAT) to 67.205.141.172:57805:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 67.205.141.172:57805;branch=z9hG4bK1683222034;received=67.205.141.172
From: <sip:1001@45.83.42.184>;tag=1624111925
To: <sip:30046462607520@45.83.42.184>;tag=as438a03d9
Call-ID: 1013558275-543034059-2087291745
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---

<--- SIP read from UDP:67.205.141.172:49470 --->
INVITE sip:30046462607520@45.83.42.184 SIP/2.0
Via: SIP/2.0/UDP 67.205.141.172:49470;branch=z9hG4bK2127133070
Max-Forwards: 70
From: <sip:1001@45.83.42.184>;tag=107797501
To: <sip:30046462607520@45.83.42.184>
Call-ID: 738589967-591967079-610554201
CSeq: 1 INVITE
Contact: <sip:1001@67.205.141.172:49470>
Content-Type: application/sdp
Content-Length: 208
Allow: ACK, BYE, CANCEL, INFO, INVITE, MESSAGE, NOTIFY, OPTIONS, PRACK, REFER, REGISTER, SUBSCRIBE, UPDATE, PUBLISH

v=0
o=1001 16264 18299 IN IP4 192.168.1.83
s=call
c=IN IP4 192.168.1.83
t=0 0
m=audio 25282 RTP/AVP 0 101
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-11
<------------->
--- (11 headers 10 lines) ---
Sending to 67.205.141.172:49470 (no NAT)
Sending to 67.205.141.172:49470 (no NAT)
Using INVITE request as basis request - 738589967-591967079-610554201
No matching peer for '1001' from '67.205.141.172:49470'
  == Using SIP RTP CoS mark 5
Found RTP audio format 0
Found RTP audio format 101
Found audio description format pcmu for ID 0
Found audio description format pcma for ID 8
Found audio description format telephone-event for ID 101
Capabilities: us - (ulaw|alaw|gsm|h263), peer - audio=(ulaw|alaw)/video=(nothing)/text=(nothing), combined - (ulaw|alaw)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event|), peer - 0x1 (telephone-event|), combined - 0x1 (telephone-event|)
       > 0x5625a64859b0 -- Strict RTP learning after remote address set to: 192.168.1.83:25282
Peer audio RTP is at port 192.168.1.83:25282
Looking for 30046462607520 in public (domain 45.83.42.184)

<--- Reliably Transmitting (no NAT) to 67.205.141.172:49470 --->
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 67.205.141.172:49470;branch=z9hG4bK2127133070;received=67.205.141.172
From: <sip:1001@45.83.42.184>;tag=107797501
To: <sip:30046462607520@45.83.42.184>;tag=as58e01328
Call-ID: 738589967-591967079-610554201
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


<------------>
[Apr 20 13:01:24] NOTICE[2665][C-00000022]: chan_sip.c:26407 handle_request_invite: Call from '' (67.205.141.172:49470) to extension '30046462607520' rejected because extension not found in context 'public'.
Scheduling destruction of SIP dialog '738589967-591967079-610554201' in 32000 ms (Method: INVITE)
Retransmitting #1 (no NAT) to 67.205.141.172:49470:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 67.205.141.172:49470;branch=z9hG4bK2127133070;received=67.205.141.172
From: <sip:1001@45.83.42.184>;tag=107797501
To: <sip:30046462607520@45.83.42.184>;tag=as58e01328
Call-ID: 738589967-591967079-610554201
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---
Retransmitting #2 (no NAT) to 67.205.141.172:49470:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 67.205.141.172:49470;branch=z9hG4bK2127133070;received=67.205.141.172
From: <sip:1001@45.83.42.184>;tag=107797501
To: <sip:30046462607520@45.83.42.184>;tag=as58e01328
Call-ID: 738589967-591967079-610554201
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---
Retransmitting #9 (no NAT) to 142.93.193.47:57397:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 142.93.193.47:57397;branch=z9hG4bK1749432700;received=142.93.193.47
From: <sip:6051@45.83.42.184>;tag=482174237
To: <sip:70046406820514@45.83.42.184>;tag=as1c3fd429
Call-ID: 172420556-1769710315-1501745644
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---
Retransmitting #3 (no NAT) to 67.205.141.172:49470:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 67.205.141.172:49470;branch=z9hG4bK2127133070;received=67.205.141.172
From: <sip:1001@45.83.42.184>;tag=107797501
To: <sip:30046462607520@45.83.42.184>;tag=as58e01328
Call-ID: 738589967-591967079-610554201
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---
Retransmitting #8 (no NAT) to 67.205.141.172:57805:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 67.205.141.172:57805;branch=z9hG4bK1683222034;received=67.205.141.172
From: <sip:1001@45.83.42.184>;tag=1624111925
To: <sip:30046462607520@45.83.42.184>;tag=as438a03d9
Call-ID: 1013558275-543034059-2087291745
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---
Retransmitting #10 (no NAT) to 142.93.193.47:57397:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 142.93.193.47:57397;branch=z9hG4bK1749432700;received=142.93.193.47
From: <sip:6051@45.83.42.184>;tag=482174237
To: <sip:70046406820514@45.83.42.184>;tag=as1c3fd429
Call-ID: 172420556-1769710315-1501745644
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---
Retransmitting #4 (no NAT) to 67.205.141.172:49470:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 67.205.141.172:49470;branch=z9hG4bK2127133070;received=67.205.141.172
From: <sip:1001@45.83.42.184>;tag=107797501
To: <sip:30046462607520@45.83.42.184>;tag=as58e01328
Call-ID: 738589967-591967079-610554201
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---
Retransmitting #9 (no NAT) to 67.205.141.172:57805:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 67.205.141.172:57805;branch=z9hG4bK1683222034;received=67.205.141.172
From: <sip:1001@45.83.42.184>;tag=1624111925
To: <sip:30046462607520@45.83.42.184>;tag=as438a03d9
Call-ID: 1013558275-543034059-2087291745
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---
[Apr 20 13:01:32] WARNING[2665]: chan_sip.c:4072 retrans_pkt: Retransmission timeout reached on transmission 172420556-1769710315-1501745644 for seqno 1 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 31999ms with no response
Really destroying SIP dialog '172420556-1769710315-1501745644' Method: INVITE
Retransmitting #5 (no NAT) to 67.205.141.172:49470:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 67.205.141.172:49470;branch=z9hG4bK2127133070;received=67.205.141.172
From: <sip:1001@45.83.42.184>;tag=107797501
To: <sip:30046462607520@45.83.42.184>;tag=as58e01328
Call-ID: 738589967-591967079-610554201
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---
Retransmitting #10 (no NAT) to 67.205.141.172:57805:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 67.205.141.172:57805;branch=z9hG4bK1683222034;received=67.205.141.172
From: <sip:1001@45.83.42.184>;tag=1624111925
To: <sip:30046462607520@45.83.42.184>;tag=as438a03d9
Call-ID: 1013558275-543034059-2087291745
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---
[Apr 20 13:01:36] WARNING[2665]: chan_sip.c:4072 retrans_pkt: Retransmission timeout reached on transmission 1013558275-543034059-2087291745 for seqno 1 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 31999ms with no response
Really destroying SIP dialog '1013558275-543034059-2087291745' Method: INVITE
Retransmitting #6 (no NAT) to 67.205.141.172:49470:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 67.205.141.172:49470;branch=z9hG4bK2127133070;received=67.205.141.172
From: <sip:1001@45.83.42.184>;tag=107797501
To: <sip:30046462607520@45.83.42.184>;tag=as58e01328
Call-ID: 738589967-591967079-610554201
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---
Retransmitting #7 (no NAT) to 67.205.141.172:49470:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 67.205.141.172:49470;branch=z9hG4bK2127133070;received=67.205.141.172
From: <sip:1001@45.83.42.184>;tag=107797501
To: <sip:30046462607520@45.83.42.184>;tag=as58e01328
Call-ID: 738589967-591967079-610554201
CSeq: 1 INVITE
Server: Asterisk PBX 13.18.3~dfsg-1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


---

and any way, i can’t register to my sip provider.

fail2ban is configured (on default) to take some tries and to ban that IP then. It cannot ban the IP automatically beforehand because it is not a distributed firewall. However, that does not help you about your GoTrunk issue at all. For that, I recommend to install Wireshark and monitor the network traffic. You could do the same with the Asterisk command-line interface (CLI) and its sip set debug ip xxx.xxx.xxx.xxx filter but Wireshark gives you more filters. In Wireshark, you filter for the IP address of GoTrunk via sip && ip.addr ==

That way, you see just the traffic between you and GoTrunk. That should help you to debug this issue yourself. If you need any help to read the Wireshark output, just say so.

thank you.
I succeeded to configure the GoTrunk account for outbound calls but i still have problems with the inbounds calls. i have the sip as Registered in sip show registry but the inboubnds don’t work. i’ll try to debug it with wireshark.

there is a way to configure jai2ban to ban those IPs from the start?
thanks!

Fail2ban simply manipulates the Linux firewall. You can manually add rules to the firewall to ban specific addresses. The purpose of fail2ban is to discover new addresses as they arise. You may find it better to white list address ranges.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.