I opened my pbx to the net recently and I changed all the default passwords and all to ensure security. I did this in order to be able to make calls away from home on the internet since I travel at times.
These Sip request seem to be random and it tries to connect to a bunch of different extensions and ports
ex
I have changed my ip
- Code: Select all
[Jan 18 00:01:31] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"604" <sip:604@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5069' - Wrong password
[Jan 18 00:01:42] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"213213" <sip:213213@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5074' - Wrong password
[Jan 18 00:02:48] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"203" <sip:203@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5066' - Wrong password
[Jan 18 00:03:21] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"605" <sip:605@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5071' - Wrong password
[Jan 18 00:04:30] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"7316" <sip:7316@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5127' - Wrong password
[Jan 18 00:04:33] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"7378" <sip:7378@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5084' - Wrong password
[Jan 18 00:04:37] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"9114" <sip:9114@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5089' - Wrong password
[Jan 18 00:05:10] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"300" <sip:300@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5066' - Wrong password
[Jan 18 00:05:24] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"702" <sip:702@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5102' - Wrong password
[Jan 18 00:05:41] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"601" <sip:601@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5084' - Wrong password
[Jan 18 00:05:50] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"400" <sip:400@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5096' - Wrong password
[Jan 18 00:06:15] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"8122" <sip:8122@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5116' - Wrong password
[Jan 18 00:06:21] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"8990" <sip:8990@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5072' - Wrong password
[Jan 18 00:06:43] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"8370" <sip:8370@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5105' - Wrong password
[Jan 18 00:06:58] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"104" <sip:104@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5092' - Wrong password
[Jan 18 00:07:02] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"202" <sip:202@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5063' - Wrong password
[Jan 18 00:07:05] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"7874" <sip:7874@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5092' - Wrong password
[Jan 18 00:08:46] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"7001" <sip:7001@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5064' - Wrong password
[Jan 18 00:09:08] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"402" <sip:402@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5085' - Wrong password
[Jan 18 00:09:08] NOTICE[13010]: chan_sip.c:28003 handle_request_register: Registration from '"8184" <sip:8184@162.xxx.x.xxx:5060>' failed for '46.19.139.174:5066' - Wrong password
When I trace the IP Address it says the connection is coming from switerland
"Source http://www.ip-adress.com/ip_tracer/46.19.139.174 "
And I'm in the states. I'm going to assume this isn't normal and potentially a security issue and seeing if you can suggest ways to have asterisk or mybe centos block that ip?