WARNING! ELASTIX AT RISK OF SIP ATTACKERS

Discussion in 'General' started by leevancleef, Aug 24, 2009.

  1. leevancleef

    Hello People

    Yesterday I noticed that the CPU and network traffic was suddenly too high. In the first instance I thought that my box had gone mad, but after some research I saw this in the log.

    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"2172535343"<sip:2172535343@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"317003311"<sip:317003311@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"test"<sip:test@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"test123"<sip:test123@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"test12"<sip:test12@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"guest"<sip:guest@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"100"<sip:100@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"101"<sip:101@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"admin"<sip:admin@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"102"<sip:102@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"administrator"<sip:administrator@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"account"<sip:account@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"103"<sip:103@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"mark"<sip:mark@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"104"<sip:104@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"michael"<sip:michael@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"105"<sip:105@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"alex"<sip:alex@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"106"<sip:106@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"test1"<sip:test1@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"107"<sip:107@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"108"<sip:108@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"109"<sip:109@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"110"<sip:110@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"111"<sip:111@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"112"<sip:112@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"113"<sip:113@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"114"<sip:114@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from '"115"<sip:115@83.55.51.120>' failed for '85.214.96.130' - No matching peer found



    [Aug 23 21:08:41] NOTICE[2502] chan_sip.c: Registration from '"8387"<sip:8387@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:08:41] NOTICE[2502] chan_sip.c: Registration from '"8388"<sip:8388@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:08:41] NOTICE[2502] chan_sip.c: Registration from '"8389"<sip:8389@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:08:41] NOTICE[2502] chan_sip.c: Registration from '"8390"<sip:8390@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:08:41] NOTICE[2502] chan_sip.c: Registration from '"8391"<sip:8391@83.55.51.120>' failed for '85.214.96.130' - No matching peer found
    [Aug 23 21:08:41] NOTICE[2502] chan_sip.c: Registration from '"8392"<sip:8392@83.55.51.120>' failed for '85.214.96.130' - No matching peer found



    Fortunately I have a dynamic IP so I reset the router to obtain a new one, and preventively I have banned IP address 85.214.96.130 on iptables.

    There is a web server on that address, http://www.lombre.de/. I guess it could have been hacked by someone.

    What worries me is not that someone can get into my system but that they can collapse my server and make it unusable. Does anyone have any suggestion to prevent this?


    Best regards


    P.S. jasong, another Elastix user, has also been attacked, probably by the same people. See here http://www.elastix.org/index.php?option ... 3610#33930
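
Added example, not part of the original post: a small detector for the pattern in the log above, many failed chan_sip registrations from one source address in a short time. The sample lines, the documentation-range addresses, the thresholds and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches chan_sip registration-failure notices in the format shown in the post.
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '\"?(?P<user>[^\"<']*)\"?\s*<sip:[^>]*>' "
    r"failed for '(?P<src>[^']+)' - (?P<reason>.+)$"
)

def parse_line(line, year=2009):
    """Return (timestamp, source, user, reason) or None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The log carries no year, so the caller supplies one (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["user"], m["reason"]

def find_scanners(lines, window=timedelta(seconds=60), max_failures=5, year=2009):
    """Map each source with more than max_failures inside window to the
    number of distinct usernames it tried."""
    events = defaultdict(list)  # source -> [(timestamp, user)]
    for line in lines:
        parsed = parse_line(line, year)
        if parsed:
            ts, src, user, _reason = parsed
            events[src].append((ts, user))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 > max_failures:
                flagged[src] = len({u for _, u in evs})
                break
    return flagged

# Constructed sample: one scanning source, one phone with a mistyped password.
USERS = ["test", "guest", "admin", "100", "101", "102", "103", "104"]
SAMPLE = [
    "[Aug 23 21:07:37] NOTICE[2502] chan_sip.c: Registration from "
    f"'\"{u}\"<sip:{u}@203.0.113.10>' failed for '198.51.100.7' - No matching peer found"
    for u in USERS
] + [
    f"[Aug 23 21:0{i}:02] NOTICE[2502] chan_sip.c: Registration from "
    "'\"201\"<sip:201@203.0.113.10>' failed for '192.0.2.44' - Wrong password"
    for i in (8, 9)
]
```

Addresses returned by `find_scanners` are candidates for the kind of iptables ban the poster applied by hand; the phone with two failures a minute apart stays below the threshold.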
     
