Odd CDR Log Entries

Discussion in 'General' started by kiemosan, Sep 5, 2010.

  1. kiemosan

    Joined:
    Aug 9, 2010
    Messages:
    12
    Likes Received:
    0
    Hi,

    We're still in the testing phase with our new Elastix install and I've had the following log entries over the weekend.

    To me it looks like someone is trying to originate calls through my system but failing. I've checked my VOIP provider logs and they are not getting anywhere.

    I can't limit the incoming IPs to the Elastix box as we have several remote users on dynamic IPs.

    I'm going to look at fail2ban ASAP but could anyone advise what this person/system is trying to do?

    Thanks in advance

    John

    2010-09-05 00:39:56 1760471541 s SIP/x.x.x.x-000000a1 ANSWERED 1
    2010-09-05 02:47:53 950893777399116114 s SIP/x.x.x.x-000000a2 ANSWERED 0
    2010-09-05 04:56:30 1815654301 s SIP/x.x.x.x-000000a3 ANSWERED 0
    2010-09-05 07:05:28 707916222410971601 s SIP/x.x.x.x-000000a4 ANSWERED 1
    2010-09-05 09:15:02 11324229005 s SIP/x.x.x.x-000000a5 ANSWERED 0
     
  2. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    Make calls. To see the size of the problem, try

    cat /var/log/asterisk/full*|grep "failed for"

    then

    yum -y install jwhois

    You will find it useful for fail2ban anyway

    whois x.x.x.x

    will expose exactly who (no prizes for guessing the country of origin)

    dicko
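
The per-source tally that the grep for "failed for" leads to, as an added example that is not part of the original thread. It assumes chan_sip NOTICE lines in which the source address follows "failed for" in single quotes; the function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: tally Asterisk "failed for" lines per source IP.
# Assumption: chan_sip NOTICE lines carry the source after "failed for" in
# single quotes, optionally with ":port". IPv4 only.

# Constructed sample log lines (documentation address ranges, not real data).
sample_log() {
cat <<'EOF'
[2010-09-05 00:39:51] NOTICE[2817] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.23' - No matching peer found
[2010-09-05 00:39:52] NOTICE[2817] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.23' - No matching peer found
[2010-09-05 00:39:53] NOTICE[2817] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '203.0.113.77' - Wrong password
[2010-09-05 00:39:54] VERBOSE[2817] chan_sip.c: -- Registered SIP '201' at 192.0.2.44 port 5060
[2010-09-05 00:39:55] NOTICE[2817] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.23:5071' - No matching peer found
EOF
}

# Reads log lines on stdin; prints "count ip", highest count first.
failed_by_ip() {
    grep -F "failed for" \
      | sed -n "s/.*failed for '\([0-9.]*\)[:'].*/\1/p" \
      | sort | uniq -c | sort -k1,1nr -k2,2 \
      | awk '{print $1, $2}'
}

# Reads log lines on stdin; prints IPs with at least $1 failures,
# i.e. the addresses worth a whois lookup or a fail2ban rule.
offenders() {
    failed_by_ip | awk -v t="$1" '$1 >= t {print $2}'
}

# With file arguments, tally those logs; with none, tally the sample.
if [ "$#" -gt 0 ]; then
    cat -- "$@" | failed_by_ip
else
    sample_log | failed_by_ip
fi
```

Run it against the real logs with `/var/log/asterisk/full*` as arguments.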
     
  3. kiemosan

    Joined:
    Aug 9, 2010
    Messages:
    12
    Likes Received:
    0
  4. kiemosan

    Joined:
    Aug 9, 2010
    Messages:
    12
    Likes Received:
    0
    Hi Dicko,

    Forget my post above. Starting the fail2ban-client manually pointed out a typo in my asterisk.conf file name, hence the start failure!

    Taught myself a bit more about Linux in the process.

    Thanks

    john
     
