Help Me Understand These Log Messages

Home » Asterisk Users » Help Me Understand These Log Messages
Asterisk Users 3 Comments

OK, I need a bit of help here. I’m configuring a new Asterisk 11
system and I accidentally let my firewall rules drop for a day or so. When I logged in today, I found messages like the ones below on my asterisk console. Obviously somebody was trying to take advantage of my carelessness. So can someone explain what would cause these types of messages to show up on my console?

I understand that my iptables would have stopped this but I’m just trying to understand more about the problem. What other settings might have stopped this? Fail2ban was running but there were no
“failed registration” type messages that would have triggered it.

[May 31 01:47:40] NOTICE[2544][C-00000001] chan_sip.c: Call from ”
(188.161.238.232:28203) to extension ‘972595595767’ rejected because extension not found in context ‘default’.
[May 31 01:47:40] verbose[2544][C-00000002] netsock2.c: == Using SIP
RTP CoS mark 5
[May 31 01:47:40] NOTICE[2544][C-00000002] chan_sip.c: Call from ”
(188.161.238.232:28203) to extension ‘00972595595767’ rejected because extension not found in context ‘default’.
[May 31 01:47:41] VERBOSE[2544][C-00000003] netsock2.c: == Using SIP
RTP CoS mark 5
[May 31 01:47:41] NOTICE[2544][C-00000003] chan_sip.c: Call from ”
(188.161.238.232:28203) to extension ‘000972595595767’ rejected because extension not found in context ‘default’.
[May 31 01:47:41] VERBOSE[2544][C-00000004] netsock2.c: == Using SIP
RTP CoS mark 5
[May 31 01:47:41] NOTICE[2544][C-00000004] chan_sip.c: Call from ”
(188.161.238.232:28203) to extension ‘011972595595767’ rejected because extension not found in context ‘default’.

3 thoughts on - Help Me Understand These Log Messages

  • … an anonyous (not registerted) sip user from 188.161.238.232 was trying to initiate a call to
    9725955 and so on… you could enable sip tracing to get more information.

    maybe you should change the ‘allowguest’ option in sip.conf..?

    regards, yves

    Am 31.05.2013 23:57, schrieb Chris Gentle:

  • Top of sip.conf

    ;
    ; SIP Configuration example for Asterisk
    ;
    ; Note: Please read the security documentation for Asterisk in order to
    ; understand the risks of installing Asterisk with the sample
    ; configuration. If your Asterisk is installed on a public
    ; IP address connected to the Internet, you will want to learn
    ; about the various security settings BEFORE you start
    ; Asterisk.
    ;
    ; Especially note the following settings:
    ; – allowguest (default enabled)
    ; – permit/deny/acl – IP address filters
    ; – contactpermit/contactdeny/contactacl – IP address filters for registrations
    ; – context – Which set of services you offer various users
    ;

    In other words: allowguest = yes, is the default. But in trunk the context for guest is [public], yours started in the
    [default] context

    Alec

  • OK, I understand now. I didn’t realize allowguest was on by default. I guess I should read more closely. Thanks!