Odd CDR Log Entries

kiemosan

Joined
Aug 9, 2010
Messages
12
Likes
0
Points
0
#1
Hi,

We're still in the testing phase with our new Elastix install and I've had the following log entries over the weekend.

To me it looks like someone is trying to originate calls through my system but failing. I've checked my VOIP provider logs and they are not getting anywhere.

I can't limit the incoming IPs to the Elastix box as we have several remote users on dynamic IPs.

I'm going to look at fail2ban ASAP but could anyone advise what this person/system is trying to do?

Thanks in advance

John

2010-09-05 00:39:56 1760471541 s SIP/x.x.x.x-000000a1 ANSWERED 1
2010-09-05 02:47:53 950893777399116114 s SIP/x.x.x.x-000000a2 ANSWERED 0
2010-09-05 04:56:30 1815654301 s SIP/x.x.x.x-000000a3 ANSWERED 0
2010-09-05 07:05:28 707916222410971601 s SIP/x.x.x.x-000000a4 ANSWERED 1
2010-09-05 09:15:02 11324229005 s SIP/x.x.x.x-000000a5 ANSWERED 0
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#2
Make calls, to see the size of the problem try

cat /var/log/asterisk/full*|grep "failed for"

then

yum -y install jwhois

You will find it useful for fail2ban anyway

whois x.x.x.x

will expose exactly who ( no prizes for guessing the Country of origin)

dicko
 

kiemosan

Joined
Aug 9, 2010
Messages
12
Likes
0
Points
0
#3

kiemosan

Joined
Aug 9, 2010
Messages
12
Likes
0
Points
0
#4
Hi Dicko,

Forget my post about. Starting the fail2ban-client manually pointed out a typo in my asterisk.conf file name hence the start failure!

Taught myself a bit more about linux in the process.

Thanks

john
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,898
Messages
130,879
Members
17,560
Latest member
manuelc
Top