I am looking for some insight as to what the hacker is trying to do. My security log has the following message (some data changed)
[Nov 9 20:46:56] SECURITY[1944]: res_security_log.c:116 security_event_stasis_cb: SecurityEvent="ChallengeSent",EventTV="2015-11-09T20:46:56.647-0800",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:101@",SessionID="0x7fxxxxxx",LocalAddress="IPV4/UDP//5060",RemoteAddress="IPV4/UDP//5070",Challenge="2exxxxxx"
What is interesting is I don’t have any registration failures, but clearly someone is trying to access something. It is interesting that the AccountID, which should be my phone number, is a SIP address.
What seems spooky is that Asterisk then appears to try to do something and then produces a timeout message.
[Nov 9 20:59:27] WARNING[1934]: chan_sip.c:4071 retrans_pkt: Timeout on 97xxxxxxxxxxxxxxxxxxx on non-critical invite transaction
So I am trying to figure out what the person is trying to do so I can check my security and ensure they won’t be successful.
Any suggestions would be appreciated.
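
An added example, not part of the original post: a Python sketch that parses SECURITY lines in the format quoted above, counts ChallengeSent events per remote address, and flags AccountID values that are SIP URIs rather than bare extensions. The sample log lines and addresses (documentation ranges) are constructed, the function names are hypothetical, and SuccessfulAuth is assumed to be the event logged on a completed authentication.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the format in the post; not real log data.
PFX = "[Nov 9 20:46:56] SECURITY[1944]: res_security_log.c:116 security_event_stasis_cb: "
SAMPLE_LOG = "\n".join([
    PFX + 'SecurityEvent="ChallengeSent",Service="SIP",AccountID="sip:101@192.0.2.10",RemoteAddress="IPV4/UDP/198.51.100.7/5070"',
    PFX + 'SecurityEvent="ChallengeSent",Service="SIP",AccountID="sip:101@192.0.2.10",RemoteAddress="IPV4/UDP/198.51.100.7/5070"',
    PFX + 'SecurityEvent="ChallengeSent",Service="SIP",AccountID="101",RemoteAddress="IPV4/UDP/203.0.113.5/5060"',
    PFX + 'SecurityEvent="SuccessfulAuth",Service="SIP",AccountID="101",RemoteAddress="IPV4/UDP/203.0.113.5/5060"',
    "[Nov 9 20:59:27] WARNING[1934]: chan_sip.c:4071 retrans_pkt: Timeout on 97xx on non-critical invite transaction",
])

# key="value" pairs; also accepts curly quotes, which forum software often substitutes.
FIELD_RE = re.compile(r'(\w+)=["“”]([^"“”]*)["“”]')

def parse_event(line):
    """Return the fields of a SECURITY log line as a dict, or None for other lines."""
    if "SECURITY[" not in line or "SecurityEvent=" not in line:
        return None
    return dict(FIELD_RE.findall(line))

def remote_ip(addr):
    """RemoteAddress has the form IPV4/UDP/<ip>/<port>; return the <ip> part."""
    parts = addr.split("/")
    return parts[2] if len(parts) >= 4 else addr

def summarize(log_text):
    """Tally challenges, successes and URI-shaped AccountIDs per remote address."""
    stats = defaultdict(lambda: {"challenges": 0, "successes": 0, "uri_account_ids": set()})
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        entry = stats[remote_ip(ev.get("RemoteAddress", ""))]
        if ev.get("SecurityEvent") == "ChallengeSent":
            entry["challenges"] += 1
        elif ev.get("SecurityEvent") == "SuccessfulAuth":
            entry["successes"] += 1
        acct = ev.get("AccountID", "")
        if acct.lower().startswith(("sip:", "sips:")):
            entry["uri_account_ids"].add(acct)
    return dict(stats)

def unanswered(stats):
    """Remote addresses that were challenged but never authenticated."""
    return sorted(ip for ip, s in stats.items() if s["challenges"] and not s["successes"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip in unanswered(result):
        print(ip, result[ip]["challenges"], sorted(result[ip]["uri_account_ids"]))
```
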