Welcome to It-Slav.Net blog
Peter Andersson
peter@it-slav.net

I've already got a female to worry about. Her name is the Enterprise.
-- Kirk, "The Corbomite Maneuver", stardate 1514.0

My internet connection is a crappy ADSL line.

 

I noticed that I did get alot alerts from op5 Monitor complaining about high error rate on the external network. After some investigation I noticed that UDP port 5060 generated approx 1.5 Mbps in traffic and that is more or less maximum my ADSL connection can handle. UDP port 5060 that is SIP.

 

A nice graph showing the errorrates, generated by op5 Monitor:

 

I looked into my Asterisk log:

 

[Sep  2 20:01:35] NOTICE[2459] chan_sip.c: Registration from ‘"3959" <sip:3959@82.182.144.134>’ failed for ’50.97.142.134′ – No matching peer found

[Sep  2 20:01:35] NOTICE[2459] chan_sip.c: Registration from ‘"3959" <sip:3959@82.182.144.134>’ failed for ’50.97.142.134′ – No matching peer found

[Sep  2 20:01:35] NOTICE[2459] chan_sip.c: Registration from ‘"3959" <sip:3959@82.182.144.134>’ failed for ’50.97.142.134′ – No matching peer found

[Sep  2 20:01:35] NOTICE[2459] chan_sip.c: Registration from ‘"3959" <sip:3959@82.182.144.134>’ failed for ’50.97.142.134′ – No matching peer found

[Sep  2 20:01:35] NOTICE[2459] chan_sip.c: Registration from ‘"3959" <sip:3959@82.182.144.134>’ failed for ’50.97.142.134′ – No matching peer found

[Sep  2 20:01:35] NOTICE[2459] chan_sip.c: Registration from ‘"3959" <sip:3959@82.182.144.134>’ failed for ’50.97.142.134′ – No matching peer found

 

Conclusion

Someone from 50.97.142.134 tries to register their SIP device on my Asterisk server, they do it an abnormal high rate.

 

 

Reaction

I created a block in my firewall on everything from 50.97.142.134. Unfortunatly it does not help much because it is on the wrong side of the ADSL connection. But I get rid of the handshaking and filled logs.

 

A whois search showed that the traffic comes from Softlayer in Dallas, so I wrote an email to postmaster@softlayer.com.

 

Lets see if I get any reaction

 

Share

Leave a Reply


4 × = twenty

Filled Under: asterisk, it-slav.net, sysadmin




Book reviews
FreePBX 2.5
Powerful Telephony Solutions






Asterisk 1.6
Build a feature rich telephony system with Asterisk






Learning NAGIOS 3.0





Cacti 0.8 Network Monitoring,
Monitor your network with ease!