Freepbx low level traffic noise ?

Discussion in 'UK VOIP' started by Dave, Oct 16, 2013.

  1. Dave

    Dave Guest

    Hello, I've noticed some level traffic about 5k in, I just wondered if
    someone is trying to hack in. I have the box 'open' UDP 10001-20000 and
    forwarding a 'hidden' port to 5060.
    Closing these ports I still get this 'noise' it could be normal SIP traffic
    but the box this happens when the box is used i.e. no calls in use ??...
     
    Dave, Oct 16, 2013
    #1
    1. Advertising

  2. Dave

    Bob Eager Guest

    On Wed, 16 Oct 2013 11:22:08 +0100, Dave wrote:

    > Hello, I've noticed some level traffic about 5k in, I just wondered if
    > someone is trying to hack in. I have the box 'open' UDP 10001-20000 and
    > forwarding a 'hidden' port to 5060.
    > Closing these ports I still get this 'noise' it could be normal SIP
    > traffic but the box this happens when the box is used i.e. no calls in
    > use ??...


    Look at the logfiles?



    --
    Use the BIG mirror service in the UK: http://www.mirrorservice.org
    My posts (including this one) are my copyright and if @diy_forums on
    Twitter wish to tweet them they can pay me £30 a post
    *lightning surge protection* - a w_tom conductor
     
    Bob Eager, Oct 16, 2013
    #2
    1. Advertising

  3. Dave

    Dave Guest

    "Bob Eager" <> wrote in message
    news:...
    > On Wed, 16 Oct 2013 11:22:08 +0100, Dave wrote:
    >
    >> Hello, I've noticed some level traffic about 5k in, I just wondered if
    >> someone is trying to hack in. I have the box 'open' UDP 10001-20000 and
    >> forwarding a 'hidden' port to 5060.
    >> Closing these ports I still get this 'noise' it could be normal SIP
    >> traffic but the box this happens when the box is used i.e. no calls in
    >> use ??...

    >
    > Look at the logfiles?
    >
    >
    >
    > --
    > Use the BIG mirror service in the UK: http://www.mirrorservice.org
    > My posts (including this one) are my copyright and if @diy_forums on
    > Twitter wish to tweet them they can pay me £30 a post
    > *lightning surge protection* - a w_tom conductor


    Nothing of note in the 'Reports' FULL log files in the security log I'm
    seeing this :-

    [2013-10-16 12:29:47] SECURITY[3083] res_security_log.c:
    SecurityEvent="SuccessfulAuth",EventTV="1381922987-13205",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/56491",UsingPassword="0",SessionTV="1381922987-13170"
    [2013-10-16 12:29:55] SECURITY[3083] res_security_log.c:
    SecurityEvent="SuccessfulAuth",EventTV="1381922995-359897",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/56492",UsingPassword="0",SessionTV="1381922995-359860"
    [2013-10-16 12:30:01] SECURITY[3083] res_security_log.c:
    SecurityEvent="SuccessfulAuth",EventTV="1381923001-122030",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/56493",UsingPassword="0",SessionTV="1381923001-121994"
    [2013-10-16 12:30:38] SECURITY[3083] res_security_log.c:
    SecurityEvent="SuccessfulAuth",EventTV="1381923038-486944",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/56494",UsingPassword="0",SessionTV="1381923038-486910"
    [2013-10-16 12:31:02] SECURITY[3083] res_security_log.c:
    SecurityEvent="SuccessfulAuth",EventTV="1381923062-742027",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/56495",UsingPassword="0",SessionTV="1381923062-741991"


    ??? Anywhere else I can look at ...
    Dave
     
    Dave, Oct 16, 2013
    #3
  4. Dave

    Bob Eager Guest

    On Wed, 16 Oct 2013 12:33:04 +0100, Dave wrote:

    > "Bob Eager" <> wrote in message
    > news:...
    >> On Wed, 16 Oct 2013 11:22:08 +0100, Dave wrote:
    >>
    >>> Hello, I've noticed some level traffic about 5k in, I just wondered if
    >>> someone is trying to hack in. I have the box 'open' UDP 10001-20000
    >>> and forwarding a 'hidden' port to 5060.
    >>> Closing these ports I still get this 'noise' it could be normal SIP
    >>> traffic but the box this happens when the box is used i.e. no calls in
    >>> use ??...

    >>
    >> Look at the logfiles?
    >>
    >>
    >>
    >> --
    >> Use the BIG mirror service in the UK: http://www.mirrorservice.org My
    >> posts (including this one) are my copyright and if @diy_forums on
    >> Twitter wish to tweet them they can pay me £30 a post *lightning surge
    >> protection* - a w_tom conductor

    >
    > Nothing of note in the 'Reports' FULL log files in the security log I'm
    > seeing this :-
    >
    > [2013-10-16 12:29:47] SECURITY[3083] res_security_log.c:
    >

    SecurityEvent="SuccessfulAuth",EventTV="1381922987-13205",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    TCP/127.0.0.1/56491",UsingPassword="0",SessionTV="1381922987-13170"
    > [2013-10-16 12:29:55] SECURITY[3083] res_security_log.c:
    >

    SecurityEvent="SuccessfulAuth",EventTV="1381922995-359897",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    TCP/127.0.0.1/56492",UsingPassword="0",SessionTV="1381922995-359860"
    > [2013-10-16 12:30:01] SECURITY[3083] res_security_log.c:
    >

    SecurityEvent="SuccessfulAuth",EventTV="1381923001-122030",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    TCP/127.0.0.1/56493",UsingPassword="0",SessionTV="1381923001-121994"
    > [2013-10-16 12:30:38] SECURITY[3083] res_security_log.c:
    >

    SecurityEvent="SuccessfulAuth",EventTV="1381923038-486944",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    TCP/127.0.0.1/56494",UsingPassword="0",SessionTV="1381923038-486910"
    > [2013-10-16 12:31:02] SECURITY[3083] res_security_log.c:
    >

    SecurityEvent="SuccessfulAuth",EventTV="1381923062-742027",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    TCP/127.0.0.1/56495",UsingPassword="0",SessionTV="1381923062-741991"
    >
    >
    > ??? Anywhere else I can look at ...
    > Dave



    I use bog standard Asterisk, and have a 'messages' log file and a
    'verbose' log file. They record every IP address that fails to register/
    whatever, and I get emailed about repeated attempts. It also tells the
    firewall to do a temporary block.

    Can't say how this maps to freepbx I'm afraid...you might have to alter
    logging verbosity levels to see if anything shows up. Or perhaps firewall
    logs.


    --
    Use the BIG mirror service in the UK: http://www.mirrorservice.org
    My posts (including this one) are my copyright and if @diy_forums on
    Twitter wish to tweet them they can pay me £30 a post
    *lightning surge protection* - a w_tom conductor
     
    Bob Eager, Oct 16, 2013
    #4
  5. Dave

    Dave Guest

    "Bob Eager" <> wrote in message
    news:...
    > On Wed, 16 Oct 2013 12:33:04 +0100, Dave wrote:
    >
    >> "Bob Eager" <> wrote in message
    >> news:...
    >>> On Wed, 16 Oct 2013 11:22:08 +0100, Dave wrote:
    >>>
    >>>> Hello, I've noticed some level traffic about 5k in, I just wondered if
    >>>> someone is trying to hack in. I have the box 'open' UDP 10001-20000
    >>>> and forwarding a 'hidden' port to 5060.
    >>>> Closing these ports I still get this 'noise' it could be normal SIP
    >>>> traffic but the box this happens when the box is used i.e. no calls in
    >>>> use ??...
    >>>
    >>> Look at the logfiles?
    >>>
    >>>
    >>>
    >>> --
    >>> Use the BIG mirror service in the UK: http://www.mirrorservice.org My
    >>> posts (including this one) are my copyright and if @diy_forums on
    >>> Twitter wish to tweet them they can pay me £30 a post *lightning surge
    >>> protection* - a w_tom conductor

    >>
    >> Nothing of note in the 'Reports' FULL log files in the security log I'm
    >> seeing this :-
    >>
    >> [2013-10-16 12:29:47] SECURITY[3083] res_security_log.c:
    >>

    > SecurityEvent="SuccessfulAuth",EventTV="1381922987-13205",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    > TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    > TCP/127.0.0.1/56491",UsingPassword="0",SessionTV="1381922987-13170"
    >> [2013-10-16 12:29:55] SECURITY[3083] res_security_log.c:
    >>

    > SecurityEvent="SuccessfulAuth",EventTV="1381922995-359897",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    > TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    > TCP/127.0.0.1/56492",UsingPassword="0",SessionTV="1381922995-359860"
    >> [2013-10-16 12:30:01] SECURITY[3083] res_security_log.c:
    >>

    > SecurityEvent="SuccessfulAuth",EventTV="1381923001-122030",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    > TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    > TCP/127.0.0.1/56493",UsingPassword="0",SessionTV="1381923001-121994"
    >> [2013-10-16 12:30:38] SECURITY[3083] res_security_log.c:
    >>

    > SecurityEvent="SuccessfulAuth",EventTV="1381923038-486944",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    > TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    > TCP/127.0.0.1/56494",UsingPassword="0",SessionTV="1381923038-486910"
    >> [2013-10-16 12:31:02] SECURITY[3083] res_security_log.c:
    >>

    > SecurityEvent="SuccessfulAuth",EventTV="1381923062-742027",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    > TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    > TCP/127.0.0.1/56495",UsingPassword="0",SessionTV="1381923062-741991"
    >>
    >>
    >> ??? Anywhere else I can look at ...
    >> Dave

    >
    >
    > I use bog standard Asterisk, and have a 'messages' log file and a
    > 'verbose' log file. They record every IP address that fails to register/
    > whatever, and I get emailed about repeated attempts. It also tells the
    > firewall to do a temporary block.
    >
    > Can't say how this maps to freepbx I'm afraid...you might have to alter
    > logging verbosity levels to see if anything shows up. Or perhaps firewall
    > logs.
    >
    >
    > --
    > Use the BIG mirror service in the UK: http://www.mirrorservice.org
    > My posts (including this one) are my copyright and if @diy_forums on
    > Twitter wish to tweet them they can pay me £30 a post
    > *lightning surge protection* - a w_tom conductor


    That's more what I was looking for, a log/list of IP addresses connected or
    trying to connect. I could ARP poison myself and monitor the traffic with
    Wireshark but that can get messy.
    I was looking for a way the do it within Freepbx. As you say there probably
    is a verbose type command that will make Freepbx spit it out. Where is the
    messages log file you are looking at located ??
     
    Dave, Oct 16, 2013
    #5
  6. Dave

    Bob Eager Guest

    On Wed, 16 Oct 2013 12:51:18 +0100, Dave wrote:

    > "Bob Eager" <> wrote in message
    > news:...
    >> On Wed, 16 Oct 2013 12:33:04 +0100, Dave wrote:
    >>
    >>> "Bob Eager" <> wrote in message
    >>> news:...
    >>>> On Wed, 16 Oct 2013 11:22:08 +0100, Dave wrote:
    >>>>
    >>>>> Hello, I've noticed some level traffic about 5k in, I just wondered
    >>>>> if someone is trying to hack in. I have the box 'open' UDP
    >>>>> 10001-20000 and forwarding a 'hidden' port to 5060.
    >>>>> Closing these ports I still get this 'noise' it could be normal SIP
    >>>>> traffic but the box this happens when the box is used i.e. no calls
    >>>>> in use ??...
    >>>>
    >>>> Look at the logfiles?
    >>>>
    >>>>
    >>>>
    >>>> --
    >>>> Use the BIG mirror service in the UK: http://www.mirrorservice.org My
    >>>> posts (including this one) are my copyright and if @diy_forums on
    >>>> Twitter wish to tweet them they can pay me £30 a post *lightning
    >>>> surge protection* - a w_tom conductor
    >>>
    >>> Nothing of note in the 'Reports' FULL log files in the security log
    >>> I'm seeing this :-
    >>>
    >>> [2013-10-16 12:29:47] SECURITY[3083] res_security_log.c:
    >>>

    >>

    SecurityEvent="SuccessfulAuth",EventTV="1381922987-13205",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >> TCP/127.0.0.1/56491",UsingPassword="0",SessionTV="1381922987-13170"
    >>> [2013-10-16 12:29:55] SECURITY[3083] res_security_log.c:
    >>>

    >>

    SecurityEvent="SuccessfulAuth",EventTV="1381922995-359897",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >> TCP/127.0.0.1/56492",UsingPassword="0",SessionTV="1381922995-359860"
    >>> [2013-10-16 12:30:01] SECURITY[3083] res_security_log.c:
    >>>

    >>

    SecurityEvent="SuccessfulAuth",EventTV="1381923001-122030",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >> TCP/127.0.0.1/56493",UsingPassword="0",SessionTV="1381923001-121994"
    >>> [2013-10-16 12:30:38] SECURITY[3083] res_security_log.c:
    >>>

    >>

    SecurityEvent="SuccessfulAuth",EventTV="1381923038-486944",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >> TCP/127.0.0.1/56494",UsingPassword="0",SessionTV="1381923038-486910"
    >>> [2013-10-16 12:31:02] SECURITY[3083] res_security_log.c:
    >>>

    >>

    SecurityEvent="SuccessfulAuth",EventTV="1381923062-742027",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >> TCP/127.0.0.1/56495",UsingPassword="0",SessionTV="1381923062-741991"
    >>>
    >>>
    >>> ??? Anywhere else I can look at ...
    >>> Dave

    >>
    >>
    >> I use bog standard Asterisk, and have a 'messages' log file and a
    >> 'verbose' log file. They record every IP address that fails to
    >> register/
    >> whatever, and I get emailed about repeated attempts. It also tells the
    >> firewall to do a temporary block.
    >>
    >> Can't say how this maps to freepbx I'm afraid...you might have to alter
    >> logging verbosity levels to see if anything shows up. Or perhaps
    >> firewall logs.
    >>
    >>
    >> --
    >> Use the BIG mirror service in the UK: http://www.mirrorservice.org My
    >> posts (including this one) are my copyright and if @diy_forums on
    >> Twitter wish to tweet them they can pay me £30 a post *lightning surge
    >> protection* - a w_tom conductor

    >
    > That's more what I was looking for, a log/list of IP addresses connected
    > or trying to connect. I could ARP poison myself and monitor the traffic
    > with Wireshark but that can get messy.
    > I was looking for a way the do it within Freepbx. As you say there
    > probably is a verbose type command that will make Freepbx spit it out.
    > Where is the messages log file you are looking at located ??


    On my system, /var/log/asterisk

    --
    Use the BIG mirror service in the UK: http://www.mirrorservice.org
    My posts (including this one) are my copyright and if @diy_forums on
    Twitter wish to tweet them they can pay me £30 a post
    *lightning surge protection* - a w_tom conductor
     
    Bob Eager, Oct 16, 2013
    #6
  7. Dave

    Dave Guest

    "Bob Eager" <> wrote in message
    news:...
    > On Wed, 16 Oct 2013 12:51:18 +0100, Dave wrote:
    >
    >> "Bob Eager" <> wrote in message
    >> news:...
    >>> On Wed, 16 Oct 2013 12:33:04 +0100, Dave wrote:
    >>>
    >>>> "Bob Eager" <> wrote in message
    >>>> news:...
    >>>>> On Wed, 16 Oct 2013 11:22:08 +0100, Dave wrote:
    >>>>>
    >>>>>> Hello, I've noticed some level traffic about 5k in, I just wondered
    >>>>>> if someone is trying to hack in. I have the box 'open' UDP
    >>>>>> 10001-20000 and forwarding a 'hidden' port to 5060.
    >>>>>> Closing these ports I still get this 'noise' it could be normal SIP
    >>>>>> traffic but the box this happens when the box is used i.e. no calls
    >>>>>> in use ??...
    >>>>>
    >>>>> Look at the logfiles?
    >>>>>
    >>>>>
    >>>>>
    >>>>> --
    >>>>> Use the BIG mirror service in the UK: http://www.mirrorservice.org My
    >>>>> posts (including this one) are my copyright and if @diy_forums on
    >>>>> Twitter wish to tweet them they can pay me £30 a post *lightning
    >>>>> surge protection* - a w_tom conductor
    >>>>
    >>>> Nothing of note in the 'Reports' FULL log files in the security log
    >>>> I'm seeing this :-
    >>>>
    >>>> [2013-10-16 12:29:47] SECURITY[3083] res_security_log.c:
    >>>>
    >>>

    > SecurityEvent="SuccessfulAuth",EventTV="1381922987-13205",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >>> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >>> TCP/127.0.0.1/56491",UsingPassword="0",SessionTV="1381922987-13170"
    >>>> [2013-10-16 12:29:55] SECURITY[3083] res_security_log.c:
    >>>>
    >>>

    > SecurityEvent="SuccessfulAuth",EventTV="1381922995-359897",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >>> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >>> TCP/127.0.0.1/56492",UsingPassword="0",SessionTV="1381922995-359860"
    >>>> [2013-10-16 12:30:01] SECURITY[3083] res_security_log.c:
    >>>>
    >>>

    > SecurityEvent="SuccessfulAuth",EventTV="1381923001-122030",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >>> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >>> TCP/127.0.0.1/56493",UsingPassword="0",SessionTV="1381923001-121994"
    >>>> [2013-10-16 12:30:38] SECURITY[3083] res_security_log.c:
    >>>>
    >>>

    > SecurityEvent="SuccessfulAuth",EventTV="1381923038-486944",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >>> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >>> TCP/127.0.0.1/56494",UsingPassword="0",SessionTV="1381923038-486910"
    >>>> [2013-10-16 12:31:02] SECURITY[3083] res_security_log.c:
    >>>>
    >>>

    > SecurityEvent="SuccessfulAuth",EventTV="1381923062-742027",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >>> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >>> TCP/127.0.0.1/56495",UsingPassword="0",SessionTV="1381923062-741991"
    >>>>
    >>>>
    >>>> ??? Anywhere else I can look at ...
    >>>> Dave
    >>>
    >>>
    >>> I use bog standard Asterisk, and have a 'messages' log file and a
    >>> 'verbose' log file. They record every IP address that fails to
    >>> register/
    >>> whatever, and I get emailed about repeated attempts. It also tells the
    >>> firewall to do a temporary block.
    >>>
    >>> Can't say how this maps to freepbx I'm afraid...you might have to alter
    >>> logging verbosity levels to see if anything shows up. Or perhaps
    >>> firewall logs.
    >>>
    >>>
    >>> --
    >>> Use the BIG mirror service in the UK: http://www.mirrorservice.org My
    >>> posts (including this one) are my copyright and if @diy_forums on
    >>> Twitter wish to tweet them they can pay me £30 a post *lightning surge
    >>> protection* - a w_tom conductor

    >>
    >> That's more what I was looking for, a log/list of IP addresses connected
    >> or trying to connect. I could ARP poison myself and monitor the traffic
    >> with Wireshark but that can get messy.
    >> I was looking for a way the do it within Freepbx. As you say there
    >> probably is a verbose type command that will make Freepbx spit it out.
    >> Where is the messages log file you are looking at located ??

    >
    > On my system, /var/log/asterisk
    >
    > --
    > Use the BIG mirror service in the UK: http://www.mirrorservice.org
    > My posts (including this one) are my copyright and if @diy_forums on
    > Twitter wish to tweet them they can pay me £30 a post
    > *lightning surge protection* - a w_tom conductor


    Ah ok, same on Freepbx, of course, looks like the same as I get via the gui
    reports-asterisk logs ...
    I'll see if I gleen anything !
     
    Dave, Oct 16, 2013
    #7
  8. Dave

    Dave Guest

    "Jono" <> wrote in message
    news:...
    > Dave wrote on 16/10/2013 :
    >> Hello, I've noticed some level traffic about 5k in, I just wondered if
    >> someone is trying to hack in. I have the box 'open' UDP 10001-20000 and
    >> forwarding a 'hidden' port to 5060.
    >> Closing these ports I still get this 'noise' it could be normal SIP
    >> traffic but the box this happens when the box is used i.e. no calls in
    >> use ??...

    >
    > You shouldn't need to forward ANY ports WHATSOEVER to use Freepbx.
    >
    >

    I have an external extension ... with a mega long password :)
     
    Dave, Oct 16, 2013
    #8
  9. Dave

    Dave Guest

    "Jono" <> wrote in message
    news:...
    > After serious thinking Dave wrote :
    >>
    >> "Jono" <> wrote in message
    >> news:...
    >>> Dave formulated the question :
    >>>>
    >>>> "Jono" <> wrote in message
    >>>> news:...
    >>>>> Dave wrote on 16/10/2013 :
    >>>>>> Hello, I've noticed some level traffic about 5k in, I just wondered
    >>>>>> if someone is trying to hack in. I have the box 'open' UDP
    >>>>>> 10001-20000 and forwarding a 'hidden' port to 5060.
    >>>>>> Closing these ports I still get this 'noise' it could be normal SIP
    >>>>>> traffic but the box this happens when the box is used i.e. no calls
    >>>>>> in use ??...
    >>>>>
    >>>>> You shouldn't need to forward ANY ports WHATSOEVER to use Freepbx.
    >>>>>
    >>>>>
    >>>> I have an external extension ... with a mega long password :)
    >>>
    >>> Nevertheless. Use a different method to connect it. There is no reason
    >>> to expose Freepbx.
    >>>
    >>>

    >> ok, any other suggestion, please ?

    >
    > VPN?
    >
    > What's the remote device make & model?
    >
    >

    cSipsimple on a phone. Good idea, VPN - thanks ! Tried it a long while ago
    but it kept logging out .......
     
    Dave, Oct 16, 2013
    #9
  10. Dave

    Dave Guest

    "Jono" <> wrote in message
    news:...
    > on 16/10/2013, Dave supposed :
    >>
    >> "Jono" <> wrote in message
    >> news:...
    >>> After serious thinking Dave wrote :
    >>>>
    >>>> "Jono" <> wrote in message
    >>>> news:...
    >>>>> Dave formulated the question :
    >>>>>>
    >>>>>> "Jono" <> wrote in message
    >>>>>> news:...
    >>>>>>> Dave wrote on 16/10/2013 :
    >>>>>>>> Hello, I've noticed some level traffic about 5k in, I just wondered
    >>>>>>>> if someone is trying to hack in. I have the box 'open' UDP
    >>>>>>>> 10001-20000 and forwarding a 'hidden' port to 5060.
    >>>>>>>> Closing these ports I still get this 'noise' it could be normal SIP
    >>>>>>>> traffic but the box this happens when the box is used i.e. no calls
    >>>>>>>> in use ??...
    >>>>>>>
    >>>>>>> You shouldn't need to forward ANY ports WHATSOEVER to use Freepbx.
    >>>>>>>
    >>>>>>>
    >>>>>> I have an external extension ... with a mega long password :)
    >>>>>
    >>>>> Nevertheless. Use a different method to connect it. There is no reason
    >>>>> to expose Freepbx.
    >>>>>
    >>>>>
    >>>> ok, any other suggestion, please ?
    >>>
    >>> VPN?
    >>>
    >>> What's the remote device make & model?
    >>>
    >>>

    >> cSipsimple on a phone. Good idea, VPN - thanks ! Tried it a long while
    >> ago but it kept logging out .......

    >
    > Android then?
    >
    >

    Yes S3 and a half , with VPN ;-). I'm just setting it up now. It won't
    connect 'from within' though ...
     
    Dave, Oct 16, 2013
    #10
  11. Dave

    Dave Guest

    "Jono" <> wrote in message
    news:...
    > on 16/10/2013, Dave supposed :
    >>
    >> "Jono" <> wrote in message
    >> news:...
    >>> After serious thinking Dave wrote :
    >>>>
    >>>> "Jono" <> wrote in message
    >>>> news:...
    >>>>> Dave formulated the question :
    >>>>>>
    >>>>>> "Jono" <> wrote in message
    >>>>>> news:...
    >>>>>>> Dave wrote on 16/10/2013 :
    >>>>>>>> Hello, I've noticed some level traffic about 5k in, I just wondered
    >>>>>>>> if someone is trying to hack in. I have the box 'open' UDP
    >>>>>>>> 10001-20000 and forwarding a 'hidden' port to 5060.
    >>>>>>>> Closing these ports I still get this 'noise' it could be normal SIP
    >>>>>>>> traffic but the box this happens when the box is used i.e. no calls
    >>>>>>>> in use ??...
    >>>>>>>
    >>>>>>> You shouldn't need to forward ANY ports WHATSOEVER to use Freepbx.
    >>>>>>>
    >>>>>>>
    >>>>>> I have an external extension ... with a mega long password :)
    >>>>>
    >>>>> Nevertheless. Use a different method to connect it. There is no reason
    >>>>> to expose Freepbx.
    >>>>>
    >>>>>
    >>>> ok, any other suggestion, please ?
    >>>
    >>> VPN?
    >>>
    >>> What's the remote device make & model?
    >>>
    >>>

    >> cSipsimple on a phone. Good idea, VPN - thanks ! Tried it a long while
    >> ago but it kept logging out .......

    >
    > Android then?
    >


    Any ideas (apps) for directing SIP over VPN only, rather than all traffic ?.
    Dave.
     
    Dave, Oct 16, 2013
    #11
  12. Dave

    Dave Guest

    "Jono" <> wrote in message
    news:...
    > Dave was thinking very hard :
    >>
    >> "Jono" <> wrote in message
    >> news:...
    >>> on 16/10/2013, Dave supposed :
    >>>>
    >>>> "Jono" <> wrote in message
    >>>> news:...
    >>>>> After serious thinking Dave wrote :
    >>>>>>
    >>>>>> "Jono" <> wrote in message
    >>>>>> news:...
    >>>>>>> Dave formulated the question :
    >>>>>>>>
    >>>>>>>> "Jono" <> wrote in message
    >>>>>>>> news:...
    >>>>>>>>> Dave wrote on 16/10/2013 :
    >>>>>>>>>> Hello, I've noticed some level traffic about 5k in, I just
    >>>>>>>>>> wondered if someone is trying to hack in. I have the box 'open'
    >>>>>>>>>> UDP 10001-20000 and forwarding a 'hidden' port to 5060.
    >>>>>>>>>> Closing these ports I still get this 'noise' it could be normal
    >>>>>>>>>> SIP traffic but the box this happens when the box is used i.e. no
    >>>>>>>>>> calls in use ??...
    >>>>>>>>>
    >>>>>>>>> You shouldn't need to forward ANY ports WHATSOEVER to use Freepbx.
    >>>>>>>>>
    >>>>>>>>>
    >>>>>>>> I have an external extension ... with a mega long password :)
    >>>>>>>
    >>>>>>> Nevertheless. Use a different method to connect it. There is no
    >>>>>>> reason to expose Freepbx.
    >>>>>>>
    >>>>>>>
    >>>>>> ok, any other suggestion, please ?
    >>>>>
    >>>>> VPN?
    >>>>>
    >>>>> What's the remote device make & model?
    >>>>>
    >>>>>
    >>>> cSipsimple on a phone. Good idea, VPN - thanks ! Tried it a long while
    >>>> ago but it kept logging out .......
    >>>
    >>> Android then?
    >>>

    >>
    >> Any ideas (apps) for directing SIP over VPN only, rather than all traffic
    >> ?.
    >> Dave.

    >
    > Well...I use a Fortigate router and its Android SSL VPN client can be
    > configured to not use the remote default gateway.


    Wow, I thought Draytek's were pricey ! I'm all secured now - no port
    forwarding at all. I'll test the VPN when I'm out on the external side of
    the router I can't VPN in from the inside.
     
    Dave, Oct 16, 2013
    #12
  13. Dave

    Bob Eager Guest

    On Wed, 16 Oct 2013 13:30:07 +0100, Dave wrote:

    > "Bob Eager" <> wrote in message
    > news:...
    >> On Wed, 16 Oct 2013 12:51:18 +0100, Dave wrote:
    >>
    >>> "Bob Eager" <> wrote in message
    >>> news:...
    >>>> On Wed, 16 Oct 2013 12:33:04 +0100, Dave wrote:
    >>>>
    >>>>> "Bob Eager" <> wrote in message
    >>>>> news:...
    >>>>>> On Wed, 16 Oct 2013 11:22:08 +0100, Dave wrote:
    >>>>>>
    >>>>>>> Hello, I've noticed some level traffic about 5k in, I just
    >>>>>>> wondered if someone is trying to hack in. I have the box 'open'
    >>>>>>> UDP 10001-20000 and forwarding a 'hidden' port to 5060.
    >>>>>>> Closing these ports I still get this 'noise' it could be normal
    >>>>>>> SIP traffic but the box this happens when the box is used i.e. no
    >>>>>>> calls in use ??...
    >>>>>>
    >>>>>> Look at the logfiles?
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>> --
    >>>>>> Use the BIG mirror service in the UK: http://www.mirrorservice.org
    >>>>>> My posts (including this one) are my copyright and if @diy_forums
    >>>>>> on Twitter wish to tweet them they can pay me £30 a post *lightning
    >>>>>> surge protection* - a w_tom conductor
    >>>>>
    >>>>> Nothing of note in the 'Reports' FULL log files in the security log
    >>>>> I'm seeing this :-
    >>>>>
    >>>>> [2013-10-16 12:29:47] SECURITY[3083] res_security_log.c:
    >>>>>
    >>>>>

    >>

    SecurityEvent="SuccessfulAuth",EventTV="1381922987-13205",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >>>> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >>>> TCP/127.0.0.1/56491",UsingPassword="0",SessionTV="1381922987-13170"
    >>>>> [2013-10-16 12:29:55] SECURITY[3083] res_security_log.c:
    >>>>>
    >>>>>

    >>

    SecurityEvent="SuccessfulAuth",EventTV="1381922995-359897",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >>>> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >>>> TCP/127.0.0.1/56492",UsingPassword="0",SessionTV="1381922995-359860"
    >>>>> [2013-10-16 12:30:01] SECURITY[3083] res_security_log.c:
    >>>>>
    >>>>>

    >>

    SecurityEvent="SuccessfulAuth",EventTV="1381923001-122030",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >>>> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >>>> TCP/127.0.0.1/56493",UsingPassword="0",SessionTV="1381923001-121994"
    >>>>> [2013-10-16 12:30:38] SECURITY[3083] res_security_log.c:
    >>>>>
    >>>>>

    >>

    SecurityEvent="SuccessfulAuth",EventTV="1381923038-486944",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >>>> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >>>> TCP/127.0.0.1/56494",UsingPassword="0",SessionTV="1381923038-486910"
    >>>>> [2013-10-16 12:31:02] SECURITY[3083] res_security_log.c:
    >>>>>
    >>>>>

    >>

    SecurityEvent="SuccessfulAuth",EventTV="1381923062-742027",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/
    >>>> TCP/0.0.0.0/5038",RemoteAddress="IPV4/
    >>>> TCP/127.0.0.1/56495",UsingPassword="0",SessionTV="1381923062-741991"
    >>>>>
    >>>>>
    >>>>> ??? Anywhere else I can look at ...
    >>>>> Dave
    >>>>
    >>>>
    >>>> I use bog standard Asterisk, and have a 'messages' log file and a
    >>>> 'verbose' log file. They record every IP address that fails to
    >>>> register/
    >>>> whatever, and I get emailed about repeated attempts. It also tells
    >>>> the firewall to do a temporary block.
    >>>>
    >>>> Can't say how this maps to freepbx I'm afraid...you might have to
    >>>> alter logging verbosity levels to see if anything shows up. Or
    >>>> perhaps firewall logs.
    >>>>
    >>>>
    >>>> --
    >>>> Use the BIG mirror service in the UK: http://www.mirrorservice.org My
    >>>> posts (including this one) are my copyright and if @diy_forums on
    >>>> Twitter wish to tweet them they can pay me £30 a post *lightning
    >>>> surge protection* - a w_tom conductor
    >>>
    >>> That's more what I was looking for, a log/list of IP addresses
    >>> connected or trying to connect. I could ARP poison myself and monitor
    >>> the traffic with Wireshark but that can get messy.
    >>> I was looking for a way the do it within Freepbx. As you say there
    >>> probably is a verbose type command that will make Freepbx spit it out.
    >>> Where is the messages log file you are looking at located ??

    >>
    >> On my system, /var/log/asterisk
    >>
    >> --
    >> Use the BIG mirror service in the UK: http://www.mirrorservice.org My
    >> posts (including this one) are my copyright and if @diy_forums on
    >> Twitter wish to tweet them they can pay me £30 a post *lightning surge
    >> protection* - a w_tom conductor

    >
    > Ah ok, same on Freepbx, of course, looks like the same as I get via the
    > gui reports-asterisk logs ...
    > I'll see if I gleen anything !


    Wind up the verbosity level a bit.
    --
    Use the BIG mirror service in the UK: http://www.mirrorservice.org
    My posts (including this one) are my copyright and if @diy_forums on
    Twitter wish to tweet them they can pay me £30 a post
    *lightning surge protection* - a w_tom conductor
     
    Bob Eager, Oct 16, 2013
    #13
  14. Dave

    Dave Guest

    "Jono" <> wrote in message
    news:...
    > Dave used his keyboard to write :
    >
    >>>>
    >>>> Any ideas (apps) for directing SIP over VPN only, rather than all
    >>>> traffic ?.
    >>>> Dave.
    >>>
    >>> Well...I use a Fortigate router and its Android SSL VPN client can be
    >>> configured to not use the remote default gateway.

    >>
    >> Wow, I thought Draytek's were pricey !

    >
    > Indeed. I've a Draytek at home. The Fortigate's doing the routing for
    > leased line at the office which my Android connects to. There's also a
    > Draytek hanging off it which allows the two Drayteks to do a LAN-LAN
    > VPN...which allows me to VPN from
    > Android=>Fortigate=>Draytek=>Draytek=>Home FreePBX...if I want (never
    > do....just set it up because I could)
    >
    > I can't abide the Fortigate's interface, so, after half an hour trying to
    > LAN-LAN a Fortigate <=> Draytek, I gave up.
    >
    >> I'm all secured now - no port forwarding at all.

    >
    > Best way.
    >
    >> I'll test the VPN when I'm out on the external side of the router I can't
    >> VPN in from the inside.

    >
    > I bet you could if you read up on static routes for the Draytek.
    >
    >


    You made me remember now statics routes etc - thanks ,

    What would be the best way to VPN in for an external extension LAN-LAN,
    Teleworker, etc I'm not sure on the best way ?

    ..
     
    Dave, Oct 17, 2013
    #14
  15. Dave

    Dave Guest

    "Jono" <> wrote in message
    news:...
    > Dave explained :
    >
    >>
    >> You made me remember now statics routes etc - thanks ,
    >>
    >> What would be the best way to VPN in for an external extension LAN-LAN,
    >> Teleworker, etc I'm not sure on the best way ?
    >>
    >> .

    >
    > A Draytek at both ends handling the VPN tunnel.
    >
    >


    Ah ok, I'm trying to connect in via VPN on my phone. All connects ok,
    internet access and can see the router but not the FreePBX box, this is via
    a basic 'teleworker' setup. I was this would work, so inpricipal I could
    have a remote extension via wifi or 3G...

    Dave
     
    Dave, Oct 19, 2013
    #15
  16. Dave

    Graham J Guest

    Dave wrote:
    >
    >
    > "Jono" <> wrote in message
    > news:...
    >> Dave explained :
    >>
    >>>
    >>> You made me remember now statics routes etc - thanks ,
    >>>
    >>> What would be the best way to VPN in for an external extension
    >>> LAN-LAN, Teleworker, etc I'm not sure on the best way ?
    >>>
    >>> .

    >>
    >> A Draytek at both ends handling the VPN tunnel.
    >>
    >>

    >
    > Ah ok, I'm trying to connect in via VPN on my phone. All connects ok,
    > internet access and can see the router but not the FreePBX box, this is
    > via a basic 'teleworker' setup. I was this would work, so inpricipal I
    > could have a remote extension via wifi or 3G...


    The teleworker setup should assign an address on the LAN to the remote
    device (your phone). So you should be able to ping all the devices on
    the LAN. Do you have ping on your phone?

    Try it with a PC as the teleworker client; that way you have the full
    range of command line tools to check the connectivity.

    What protocol & ports are used by the phone to connect to the FreePBX
    box? Are these ports carried through the VPN?

    --
    Graham J
     
    Graham J, Oct 19, 2013
    #16
  17. Dave

    Dave Guest

    "Graham J" <graham@invalid> wrote in message
    news:52629e81$0$1182$...
    > Dave wrote:
    >>
    >>
    >> "Jono" <> wrote in message
    >> news:...
    >>> Dave explained :
    >>>
    >>>>
    >>>> You made me remember now statics routes etc - thanks ,
    >>>>
    >>>> What would be the best way to VPN in for an external extension
    >>>> LAN-LAN, Teleworker, etc I'm not sure on the best way ?
    >>>>
    >>>> .
    >>>
    >>> A Draytek at both ends handling the VPN tunnel.
    >>>
    >>>

    >>
    >> Ah ok, I'm trying to connect in via VPN on my phone. All connects ok,
    >> internet access and can see the router but not the FreePBX box, this is
    >> via a basic 'teleworker' setup. I was this would work, so inpricipal I
    >> could have a remote extension via wifi or 3G...

    >
    > The teleworker setup should assign an address on the LAN to the remote
    > device (your phone). So you should be able to ping all the devices on the
    > LAN. Do you have ping on your phone?
    >
    > Try it with a PC as the teleworker client; that way you have the full
    > range of command line tools to check the connectivity.
    >
    > What protocol & ports are used by the phone to connect to the FreePBX box?
    > Are these ports carried through the VPN?
    >
    > --
    > Graham J
    >

    Yes that's what I thought, I get assigned a IP address - 192.168.1.200 I set
    as 'IP Address Assignment for Dial-In Users'. I'll try and VPN in with the
    laptop some time, I should have PING on the phone, if not I'll get one!.
    Protocol is SIP and port 5060. All works perfectly from the inside IP set to
    192.168.1.12 so can't really see why it won't work via the VPN which seems
    to working ok ??

    Dave.
     
    Dave, Oct 19, 2013
    #17
  18. Dave

    Dave Guest

    "Jono" <> wrote in message
    news:...
    > Dave explained :
    >>
    >> "Graham J" <graham@invalid> wrote in message
    >> news:52629e81$0$1182$...
    >>> Dave wrote:
    >>>>
    >>>>
    >>>> "Jono" <> wrote in message
    >>>> news:...
    >>>>> Dave explained :
    >>>>>
    >>>>>>
    >>>>>> You made me remember now statics routes etc - thanks ,
    >>>>>>
    >>>>>> What would be the best way to VPN in for an external extension
    >>>>>> LAN-LAN, Teleworker, etc I'm not sure on the best way ?
    >>>>>>
    >>>>>> .
    >>>>>
    >>>>> A Draytek at both ends handling the VPN tunnel.
    >>>>>
    >>>>>
    >>>>
    >>>> Ah ok, I'm trying to connect in via VPN on my phone. All connects ok,
    >>>> internet access and can see the router but not the FreePBX box, this is
    >>>> via a basic 'teleworker' setup. I was this would work, so inpricipal I
    >>>> could have a remote extension via wifi or 3G...
    >>>
    >>> The teleworker setup should assign an address on the LAN to the remote
    >>> device (your phone). So you should be able to ping all the devices on
    >>> the LAN. Do you have ping on your phone?
    >>>
    >>> Try it with a PC as the teleworker client; that way you have the full
    >>> range of command line tools to check the connectivity.
    >>>
    >>> What protocol & ports are used by the phone to connect to the FreePBX
    >>> box? Are these ports carried through the VPN?
    >>>
    >>> -- Graham J
    >>>

    >> Yes that's what I thought, I get assigned a IP address - 192.168.1.200 I
    >> set as 'IP Address Assignment for Dial-In Users'. I'll try and VPN in
    >> with the laptop some time, I should have PING on the phone, if not I'll
    >> get one!. Protocol is SIP and port 5060. All works perfectly from the
    >> inside IP set to 192.168.1.12 so can't really see why it won't work via
    >> the VPN which seems to working ok ??
    >>
    >> Dave.

    >
    > Make sure you disable SIP ALG on the Draytek.
    >
    > Do you see the registration attempt in the Asterisk logs?
    >
    >


    SIP_ALG is off - no sound with in on

    No registration attempts in the logs
     
    Dave, Oct 19, 2013
    #18
  19. Dave

    Dave Guest

    "Jono" <> wrote in message
    news:...
    > Dave brought next idea :
    >>
    >> "Jono" <> wrote in message
    >> news:...
    >>> Dave explained :
    >>>
    >>>>
    >>>> You made me remember now statics routes etc - thanks ,
    >>>>
    >>>> What would be the best way to VPN in for an external extension LAN-LAN,
    >>>> Teleworker, etc I'm not sure on the best way ?
    >>>>
    >>>> .
    >>>
    >>> A Draytek at both ends handling the VPN tunnel.
    >>>
    >>>

    >>
    >> Ah ok, I'm trying to connect in via VPN on my phone. All connects ok,
    >> internet access and can see the router but not the FreePBX box, this is
    >> via a basic 'teleworker' setup. I was this would work, so inpricipal I
    >> could have a remote extension via wifi or 3G...
    >>
    >> Dave

    >
    > That's not, strictly speaking, LAN-LAN, even though you're inside one LAN,
    > connecting via VPN to another.
    >
    > Anyway, what's the LAN IP Address range of the WiFi network you're VPNing
    > from? (It needs to be different from the one on your Draytek.)
    >
    >

    I tested on a public wifi - Exeter services ! and on a BT broadband account
    so unsure of the IP address range, sorry to be vague.
     
    Dave, Oct 19, 2013
    #19
  20. Dave

    Dave Guest

    "Jono" <> wrote in message
    news:...
    > Dave brought next idea :
    >>
    >> "Jono" <> wrote in message
    >> news:...
    >>> Dave explained :
    >>>
    >>>>
    >>>> You made me remember now statics routes etc - thanks ,
    >>>>
    >>>> What would be the best way to VPN in for an external extension LAN-LAN,
    >>>> Teleworker, etc I'm not sure on the best way ?
    >>>>
    >>>> .
    >>>
    >>> A Draytek at both ends handling the VPN tunnel.
    >>>
    >>>

    >>
    >> Ah ok, I'm trying to connect in via VPN on my phone. All connects ok,
    >> internet access and can see the router but not the FreePBX box, this is
    >> via a basic 'teleworker' setup. I was this would work, so inpricipal I
    >> could have a remote extension via wifi or 3G...
    >>
    >> Dave

    >
    > That's not, strictly speaking, LAN-LAN, even though you're inside one LAN,
    > connecting via VPN to another.
    >
    > Anyway, what's the LAN IP Address range of the WiFi network you're VPNing
    > from? (It needs to be different from the one on your Draytek.)
    >
    >


    One thing that has just accused to me, I'm I trying to connect the correct
    IP address ?. How I connect from within the network the address is
    192.168.1.12 - FreePBX and 192.168.1.1 - Draytek router. Is this the same
    over the VPN ? - or I'm I just getting confused !
     
    Dave, Oct 19, 2013
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    779
  2. Learning Cisco
    Replies:
    3
    Views:
    2,198
    Walter Roberson
    Oct 15, 2005
  3. linker3000
    Replies:
    1
    Views:
    808
    paul123
    Jul 25, 2006
  4. zillah
    Replies:
    0
    Views:
    732
    zillah
    Nov 9, 2006
  5. Fred Atkinson

    Level 14 Privilege Level

    Fred Atkinson, Feb 22, 2007, in forum: Cisco
    Replies:
    10
    Views:
    1,995
    Trendkill
    Feb 26, 2007
Loading...

Share This Page