Sip:ping@noname.com
The SIP trace shows messages from what I took to be a suspicious connection from sip:ping@noname.com so I added that IP address to IP
tables…but then anveo showed as unreachable so I removed that rule.
Yes, I’m running fail2ban.
What are these messages from sip:ping@noname.com? The domain name alone set off alarm bells for me. (I was looking for my own registration attempts when I turned on SIP debugging.)
SIP trace:
fqdn*CLI>
fqdn*CLI> sip set debug on SIP Debugging enabled fqdn*CLI>
<--- SIP read from UDP:67.212.84.21:5010 --->
OPTIONS sip:s@xxx.xxx.xxx.xxx:5060 SIP/2.0
Via: SIP/2.0/UDP 67.212.84.21:5010;branch=0
From: sip:ping@noname.com;tag=uloc-5875e606-bf5-dea1e-52564b36-00fe47a3
To: sip:s@xxx.xxx.xxx.xxx:5060
Call-ID: cb004ab7-97b14601-e7ade23@67.212.84.21
CSeq: 1 OPTIONS
Content-Length: 0
<------------->
— (7 headers 0 lines) –
One thought on - Sip:ping@noname.com
It’s just a keepalive from their end to determine that your SIP server is still reachable and to keep open any NAT mappings so you are reachable.