Warning with inbound call

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Warning with inbound call

Postby JCSANHUEZA » Mon Jul 30, 2012 1:12 pm

does anybody here know about this kind of warning message..

[Jul 30 12:56:10] NOTICE[4942]: chan_sip.c:15492 handle_request_invite: Sending fake auth rejection for user <sip:1122334455@111.222.333.444:5060;user=phone>;tag=2052b70-c8724cc8-13c4-9eb22c-4f6dec38-9eb22c

Carrier

[carrier]
username=0987654321
user=0987654321
type=peer
secret=xxxxxxxxxxx
nat=yes
host=sip.carrier.com
fromusername=987654321
fromuser=987654321
fromdomain=sip.carrier.com
disallow=all
allow=alaw
allow=ulaw
allow=g729
context=trunkinbound

in-bound group

Group ID: SALESLINE
Group Name: Primary Sales Line
Group Color: red
Active: Y
Web Form: <we leave this blank>
Voicemail: <we leave this blank>
Next Agent Call: oldest_call_finish
Fronter Display: Y
Script: NONE
Get Call Launch: NONE

DID

DID Extension: 987654321
DID Description: Inbound 800 number
Active: Y
DID Route: IN_GROUP
In-Group ID: SALESLINE
In-Group Call Handle Method: CID
In-Group Agent Search Method: LB
In-Group Phone Code: 1

Thanks in advance
ViciBox 3.1.15
Vicidial 2.4.357a
Asterisk 1.4.39.2-vici
Single Server
No Sangoma Hardware
HP ProLiant ML350p Gen8
Manager and agent book paid version
JCSANHUEZA
 
Posts: 26
Joined: Tue Jul 03, 2012 3:16 pm

Re: Warning with inbound call

Postby DomeDan » Tue Jul 31, 2012 5:52 am

Its a brute-force attack, you should setup a firewall to only allow traffic from addresses you need to connect to.
I've read that setting:
alwaysauthreject=yes
allowguest=no
is a good idea too
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
DomeDan
 
Posts: 1226
Joined: Tue Jan 04, 2011 9:17 am
Location: Sweden

Re: Warning with inbound call

Postby JCSANHUEZA » Tue Jul 31, 2012 2:11 pm

DomeDan wrote:Its a brute-force attack, you should setup a firewall to only allow traffic from addresses you need to connect to.
I've read that setting:
alwaysauthreject=yes
allowguest=no
is a good idea too


Currently the firewall is disabled. The incoming call I make myself and the idea is that an agent receives the call.

This is a test server, out of production
ViciBox 3.1.15
Vicidial 2.4.357a
Asterisk 1.4.39.2-vici
Single Server
No Sangoma Hardware
HP ProLiant ML350p Gen8
Manager and agent book paid version
JCSANHUEZA
 
Posts: 26
Joined: Tue Jul 03, 2012 3:16 pm

Re: Warning with inbound call

Postby JCSANHUEZA » Wed Aug 01, 2012 7:33 pm

Code: Select all
[Aug  1 19:32:12]     -- Executing [52553603050@trunkinbound:1] AGI("SIP/525536030506-00000005", "agi-DID_route.agi") in new stack
[Aug  1 19:32:12]     -- Launched AGI Script /var/lib/asterisk/agi-bin/agi-DID_route.agi
[Aug  1 19:32:12] ERROR[7730]: utils.c:967 ast_carefulwrite: write() returned error: Broken pipe
[Aug  1 19:32:12]     -- AGI Script agi-DID_route.agi completed, returning 0
[Aug  1 19:32:12]     -- Executing [9998811112@default:1] Wait("SIP/525536030506-00000005", "2") in new stack
[Aug  1 19:32:14]     -- Executing [9998811112@default:2] Answer("SIP/525536030506-00000005", "") in new stack
[Aug  1 19:32:14]     -- Executing [9998811112@default:3] Playback("SIP/525536030506-00000005", "ss-noservice") in new stack
[Aug  1 19:32:14]     -- <SIP/525536030506-00000005> Playing 'ss-noservice' (language 'en')
[Aug  1 19:32:19]     -- Executing [9998811112@default:4] Playback("SIP/525536030506-00000005", "vm-goodbye") in new stack
[Aug  1 19:32:19]     -- <SIP/525536030506-00000005> Playing 'vm-goodbye' (language 'en')
[Aug  1 19:32:19]   == Spawn extension (default, 9998811112, 4) exited non-zero on 'SIP/525536030506-00000005'
[Aug  1 19:32:19]     -- Executing [h@default:1] DeadAGI("SIP/525536030506-00000005", "agi://127.0.0.1:4577/call_log--HVcauses--PRI-----NODEBUG-----0---------------") in new stack
[Aug  1 19:32:19]     -- AGI Script agi://127.0.0.1:4577/call_log--HVcauses--PRI-----NODEBUG-----0--------------- completed, returning 0


Any Idea ?
ViciBox 3.1.15
Vicidial 2.4.357a
Asterisk 1.4.39.2-vici
Single Server
No Sangoma Hardware
HP ProLiant ML350p Gen8
Manager and agent book paid version
JCSANHUEZA
 
Posts: 26
Joined: Tue Jul 03, 2012 3:16 pm

Re: Warning with inbound call

Postby williamconley » Thu Aug 02, 2012 1:37 am

bad user or password and your system is set to ALWAYS reject and say the user does not exist. This way a brute force attacker will not be able to guess at user names until they get lucky, and then guess at passwords for the user. All rejects are "user" rejects.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20278
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Warning with inbound call

Postby JCSANHUEZA » Thu Aug 02, 2012 10:18 am

williamconley wrote:bad user or password and your system is set to ALWAYS reject and say the user does not exist. This way a brute force attacker will not be able to guess at user names until they get lucky, and then guess at passwords for the user. All rejects are "user" rejects.


then? Calling it like I do?

TORIIIITOOOOOOOOOOOOOOOOOOOOOOOOOOO!

Thanks In Advance
ViciBox 3.1.15
Vicidial 2.4.357a
Asterisk 1.4.39.2-vici
Single Server
No Sangoma Hardware
HP ProLiant ML350p Gen8
Manager and agent book paid version
JCSANHUEZA
 
Posts: 26
Joined: Tue Jul 03, 2012 3:16 pm

Re: Warning with inbound call

Postby JCSANHUEZA » Thu Aug 02, 2012 4:12 pm

WORK IT.... YEEEAAAAHHHHHHHHHHHHH!!!
ViciBox 3.1.15
Vicidial 2.4.357a
Asterisk 1.4.39.2-vici
Single Server
No Sangoma Hardware
HP ProLiant ML350p Gen8
Manager and agent book paid version
JCSANHUEZA
 
Posts: 26
Joined: Tue Jul 03, 2012 3:16 pm


Return to Support

Who is online

Users browsing this forum: vanmido and 135 guests