Asterisk flooded with incoming SIP connections from unknown peers

Hello, I just installed a new Asterisk configuration with FreePBX and signed up for a SIP account.

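I set up the SIP trunk with my provider's data, started the console with the asterisk -vvvr command for debugging, and then noticed that the log was flooded with entries like this: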

    == Using SIP RTP CoS mark 5
    -- Executing [00088884600972595117946@from-sip-external:1] NoOp("SIP/XXX.XXX.58.107-00000355", "Received incoming SIP connection from unknown peer to 00088884600972595117946") in new stack
    -- Executing [00088884600972595117946@from-sip-external:2] Set("SIP/XXX.XXX.58.107-00000355", "DID=00088884600972595117946") in new stack
    -- Executing [00088884600972595117946@from-sip-external:3] Goto("SIP/XXX.XXX.58.107-00000355", "s,1") in new stack
    -- Goto (from-sip-external,s,1)
    -- Executing [s@from-sip-external:1] GotoIf("SIP/XXX.XXX.58.107-00000355", "1?checklang:noanonymous") in new stack
    -- Goto (from-sip-external,s,2)
    -- Executing [s@from-sip-external:2] GotoIf("SIP/XXX.XXX.58.107-00000355", "0?setlanguage:from-trunk,00088884600972595117946,1") in new stack
    -- Goto (from-trunk,00088884600972595117946,1)
    -- Executing [00088884600972595117946@from-trunk:1] Set("SIP/XXX.XXX.58.107-00000355", "__FROM_DID=00088884600972595117946") in new stack
    -- Executing [00088884600972595117946@from-trunk:2] NoOp("SIP/XXX.XXX.58.107-00000355", "Received an unknown call with DID set to 00088884600972595117946") in new stack
    -- Executing [00088884600972595117946@from-trunk:3] Goto("SIP/XXX.XXX.58.107-00000355", "s,a2") in new stack
    -- Goto (from-trunk,s,2)
    -- Executing [s@from-trunk:2] Answer("SIP/XXX.XXX.58.107-00000355", "") in new stack
    -- <SIP/XXX.XXX.58.107-00000352> Playing 'digits/8.ulaw' (language 'en')
    -- <SIP/XXX.XXX.58.107-00000351> Playing 'digits/9.ulaw' (language 'en')
    -- <SIP/XXX.XXX.58.107-0000034f> Playing 'digits/6.ulaw' (language 'en')
    -- Executing [s@from-trunk:5] SayAlpha("SIP/XXX.XXX.58.107-00000353", "00088884400972595117946") in new stack
    -- <SIP/XXX.XXX.58.107-00000353> Playing 'digits/0.ulaw' (language 'en')
    -- Executing [s@from-trunk:3] Wait("SIP/XXX.XXX.58.107-00000355", "2") in new stack
    -- <SIP/XXX.XXX.58.107-00000350> Playing 'digits/1.ulaw' (language 'en')
    -- <SIP/XXX.XXX.58.107-00000352> Playing 'digits/8.ulaw' (language 'en')
    -- Executing [s@from-trunk:6] Hangup("SIP/XXX.XXX.58.107-0000034f", "") in new stack
    == Spawn extension (from-trunk, s, 6) exited non-zero on 'SIP/XXX.XXX.58.107-0000034f'
    -- Executing [h@from-trunk:1] Macro("SIP/XXX.XXX.58.107-0000034f", "hangupcall,") in new stack
    -- Executing [s@macro-hangupcall:1] GotoIf("SIP/XXX.XXX.58.107-0000034f", "1?theend") in new stack
    -- Goto (macro-hangupcall,s,3)
    -- Executing [s@macro-hangupcall:3] ExecIf("SIP/XXX.XXX.58.107-0000034f", "0?Set(CDR(recordingfile)=)") in new stack
    -- Executing [s@macro-hangupcall:4] Hangup("SIP/XXX.XXX.58.107-0000034f", "") in new stack
    == Spawn extension (macro-hangupcall, s, 4) exited non-zero on 'SIP/XXX.XXX.58.107-0000034f' in macro 'hangupcall'
    == Spawn extension (from-trunk, h, 1) exited non-zero on 'SIP/XXX.XXX.58.107-0000034f'
    -- <SIP/XXX.XXX.58.107-00000351> Playing 'digits/7.ulaw' (language 'en')
    -- <SIP/XXX.XXX.58.107-00000350> Playing 'digits/1.ulaw' (language 'en')
    -- <SIP/XXX.XXX.58.107-00000353> Playing 'digits/0.ulaw' (language 'en')
    -- <SIP/XXX.XXX.58.107-00000352> Playing 'digits/4.ulaw' (language 'en')

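I just can't debug my trunk because of these annoying connections from unknown peers. What are these calls, and how can I trace their origin? Could this be a testing tool from my provider that is malfunctioning?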

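Even with guests closed off, your Asterisk server will still come under SIP hacking attacks. You should install something more to monitor and manage the attacks. Take a look at the Asterisk Security recommendations, even just the basics on how to protect your Asterisk server. (Guest is not enough.)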

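I guess it all depends. I assume you are running Asterisk on some kind of Linux? I have done this several times, and it can be a bit tricky. But when it comes to debugging, there are some tools that can help.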

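  • For example, you can use iptables to block unknown clients. If you know where your calls come from, you can set up firewall rules to block everything else. That is what I did: I made sure that only my own clients plus any upstream PBX systems can talk.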

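  • To figure out who the unknown clients are, you can use a tool like Wireshark to filter connections by type and so on. That usually gives a clear picture of what is going on.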

These are just pointers. You may want to elaborate on your setup; then I might be able to be more specific.

Well, I found out that I was allowing SIP guests. It seems that many bots are looking for insecure servers to spam or relay through.

So I just disabled that option, and my logs are now back to normal.
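
To answer the "how can I trace their origin" part from the console output itself, the following is an added example (not code from anyone in this thread) that tallies unauthenticated calls per source address from log lines in the format quoted in the question. The function names are hypothetical, and the sample lines use constructed documentation addresses in place of the masked one.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the console output quoted in the question;
# 198.51.100.7 and 203.0.113.9 are documentation addresses, not real peers.
SAMPLE_LOG = '''\
    -- Executing [00088884600972595117946@from-sip-external:1] NoOp("SIP/198.51.100.7-00000355", "Received incoming SIP connection from unknown peer to 00088884600972595117946") in new stack
    -- Executing [00088884600972595117946@from-sip-external:2] Set("SIP/198.51.100.7-00000355", "DID=00088884600972595117946") in new stack
    -- Executing [900442012345678@from-sip-external:1] NoOp("SIP/198.51.100.7-00000356", "Received incoming SIP connection from unknown peer to 900442012345678") in new stack
    -- Executing [100@from-sip-external:1] NoOp("SIP/203.0.113.9-00000357", "Received incoming SIP connection from unknown peer to 100") in new stack
    -- Executing [s@from-trunk:2] Answer("SIP/198.51.100.7-00000355", "") in new stack
'''

# In the quoted log, guest channels are named SIP/<source address>-<channel id>
# and enter the dialplan at priority 1 of the from-sip-external context.
UNKNOWN_PEER = re.compile(
    r'Executing \[(?P<exten>[^@\]]+)@from-sip-external:1\] '
    r'NoOp\("SIP/(?P<peer>[^"]+)-(?P<chan>[0-9a-f]{8})", '
    r'"Received incoming SIP connection from unknown peer to (?P<did>[^"]*)"\)'
)

def summarize_unknown_peers(log_text):
    """Return {peer: {"calls": n, "dids": [...]}} for calls from unknown peers."""
    calls, dids, seen = Counter(), defaultdict(set), set()
    for line in log_text.splitlines():
        m = UNKNOWN_PEER.search(line)
        if not m or (m["peer"], m["chan"]) in seen:
            continue  # not an unknown-peer entry, or channel already counted
        seen.add((m["peer"], m["chan"]))
        calls[m["peer"]] += 1
        dids[m["peer"]].add(m["did"])
    return {p: {"calls": calls[p], "dids": sorted(dids[p])} for p in calls}

def peers_over_threshold(summary, min_calls=2):
    """Source addresses with at least min_calls attempts: firewall candidates."""
    return sorted(p for p, s in summary.items() if s["calls"] >= min_calls)

if __name__ == "__main__":
    report = summarize_unknown_peers(SAMPLE_LOG)
    for peer, info in sorted(report.items(), key=lambda kv: -kv[1]["calls"]):
        print(f"{peer:20} calls={info['calls']} dialed={', '.join(info['dids'])}")
    print("block candidates:", peers_over_threshold(report))
```

The addresses it reports can be compared against the provider's published signalling addresses before writing the firewall rules mentioned above.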