Freepbx low level traffic noise ?

Discussion in 'UK VOIP' started by Dave, Oct 16, 2013.

  1. Dave

    Dave Guest

    Hello, I've noticed some level traffic about 5k in, I just wondered if
    someone is trying to hack in. I have the box 'open' UDP 10001-20000 and
    forwarding a 'hidden' port to 5060.
    Closing these ports I still get this 'noise' it could be normal SIP traffic
    but the box this happens when the box is used i.e. no calls in use ??...
     
    Dave, Oct 16, 2013
    #1

  2. Dave

    Bob Eager Guest

    Look at the logfiles?
     
    Bob Eager, Oct 16, 2013
    #2

  3. Dave

    Dave Guest

    Nothing of note in the 'Reports' FULL log files in the security log I'm
    seeing this :-

    [2013-10-16 12:29:47] SECURITY[3083] res_security_log.c:
    SecurityEvent="SuccessfulAuth",EventTV="1381922987-13205",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/56491",UsingPassword="0",SessionTV="1381922987-13170"
    [2013-10-16 12:29:55] SECURITY[3083] res_security_log.c:
    SecurityEvent="SuccessfulAuth",EventTV="1381922995-359897",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/56492",UsingPassword="0",SessionTV="1381922995-359860"
    [2013-10-16 12:30:01] SECURITY[3083] res_security_log.c:
    SecurityEvent="SuccessfulAuth",EventTV="1381923001-122030",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/56493",UsingPassword="0",SessionTV="1381923001-121994"
    [2013-10-16 12:30:38] SECURITY[3083] res_security_log.c:
    SecurityEvent="SuccessfulAuth",EventTV="1381923038-486944",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/56494",UsingPassword="0",SessionTV="1381923038-486910"
    [2013-10-16 12:31:02] SECURITY[3083] res_security_log.c:
    SecurityEvent="SuccessfulAuth",EventTV="1381923062-742027",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/56495",UsingPassword="0",SessionTV="1381923062-741991"


    ??? Anywhere else I can look at ...
    Dave
     
    Dave, Oct 16, 2013
    #3
  4. Dave

    Bob Eager Guest


    I use bog standard Asterisk, and have a 'messages' log file and a
    'verbose' log file. They record every IP address that fails to register/
    whatever, and I get emailed about repeated attempts. It also tells the
    firewall to do a temporary block.

    Can't say how this maps to freepbx I'm afraid...you might have to alter
    logging verbosity levels to see if anything shows up. Or perhaps firewall
    logs.
     
    Bob Eager, Oct 16, 2013
    #4
  5. Dave

    Dave Guest

    That's more what I was looking for, a log/list of IP addresses connected or
    trying to connect. I could ARP poison myself and monitor the traffic with
    Wireshark but that can get messy.
    I was looking for a way to do it within Freepbx. As you say there probably
    is a verbose type command that will make Freepbx spit it out. Where is the
    messages log file you are looking at located ??
     
    Dave, Oct 16, 2013
    #5
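
Added example, not part of the thread or of FreePBX: one way to get the per-address list asked for above out of Asterisk's security log, using the record format quoted in post #3. It separates loopback peers (such as the AMI logins shown there) from remote ones and lists addresses with repeated failures; the failure records in the sample are constructed, and the two-failure threshold is an assumption.

```python
import ipaddress
import re
from collections import Counter

PAIR = re.compile(r'(\w+)="([^"]*)"')          # key="value" fields of a record
RECORD = re.compile(r'SecurityEvent="[^\n]*')  # one record, even when its header wrapped

# First two records are copied from post #3. The last three are constructed
# (abbreviated field set, documentation-range addresses).
SAMPLE = '''\
[2013-10-16 12:29:47] SECURITY[3083] res_security_log.c:
SecurityEvent="SuccessfulAuth",EventTV="1381922987-13205",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/56491",UsingPassword="0",SessionTV="1381922987-13170"
[2013-10-16 12:29:55] SECURITY[3083] res_security_log.c:
SecurityEvent="SuccessfulAuth",EventTV="1381922995-359897",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1c124bc",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/56492",UsingPassword="0",SessionTV="1381922995-359860"
[2013-10-16 12:31:10] SECURITY[3083] res_security_log.c: SecurityEvent="InvalidPassword",Severity="Error",Service="SIP",AccountID="100",RemoteAddress="IPV4/UDP/203.0.113.45/5071"
[2013-10-16 12:31:12] SECURITY[3083] res_security_log.c: SecurityEvent="InvalidPassword",Severity="Error",Service="SIP",AccountID="101",RemoteAddress="IPV4/UDP/203.0.113.45/5071"
[2013-10-16 12:32:40] SECURITY[3083] res_security_log.c: SecurityEvent="InvalidAccountID",Severity="Error",Service="SIP",AccountID="admin",RemoteAddress="IPV4/UDP/198.51.100.7/5060"
'''

def parse_events(text):
    """Yield one dict per security record, with the peer address parsed out."""
    for m in RECORD.finditer(text):
        ev = dict(PAIR.findall(m.group(0)))
        parts = ev.get("RemoteAddress", "").split("/")  # family/transport/ip/port
        if len(parts) != 4:
            continue
        try:
            ev["ip"] = ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # skip records whose address field is malformed
        yield ev

def summarise(text):
    """Count (ip, service, event) triples, loopback peers kept apart from remote ones."""
    local, remote = Counter(), Counter()
    for ev in parse_events(text):
        key = (str(ev["ip"]), ev.get("Service", "?"), ev["SecurityEvent"])
        (local if ev["ip"].is_loopback else remote)[key] += 1
    return local, remote

def repeat_offenders(remote, threshold=2):
    """Remote addresses with at least `threshold` non-successful events."""
    fails = Counter()
    for (ip, _service, event), n in remote.items():
        if event not in ("SuccessfulAuth", "ChallengeSent"):
            fails[ip] += n
    return sorted(ip for ip, n in fails.items() if n >= threshold)

if __name__ == "__main__":
    local, remote = summarise(SAMPLE)
    print("loopback:", dict(local))
    print("remote:", dict(remote))
    print("repeat offenders:", repeat_offenders(remote))
```
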
  6. Dave

    Bob Eager Guest

    On my system, /var/log/asterisk
     
    Bob Eager, Oct 16, 2013
    #6
  7. Dave

    Dave Guest

    Ah ok, same on Freepbx, of course, looks like the same as I get via the gui
    reports-asterisk logs ...
    I'll see if I glean anything !
     
    Dave, Oct 16, 2013
    #7
  8. Dave

    Dave Guest

    I have an external extension ... with a mega long password :)
     
    Dave, Oct 16, 2013
    #8
  9. Dave

    Dave Guest

    cSipsimple on a phone. Good idea, VPN - thanks ! Tried it a long while ago
    but it kept logging out .......
     
    Dave, Oct 16, 2013
    #9
  10. Dave

    Dave Guest

    Yes S3 and a half , with VPN ;-). I'm just setting it up now. It won't
    connect 'from within' though ...
     
    Dave, Oct 16, 2013
    #10
  11. Dave

    Dave Guest

    Any ideas (apps) for directing SIP over VPN only, rather than all traffic ?.
    Dave.
     
    Dave, Oct 16, 2013
    #11
  12. Dave

    Dave Guest

    Wow, I thought Draytek's were pricey ! I'm all secured now - no port
    forwarding at all. I'll test the VPN when I'm out on the external side of
    the router I can't VPN in from the inside.
     
    Dave, Oct 16, 2013
    #12
  13. Dave

    Bob Eager Guest

    Wind up the verbosity level a bit.
     
    Bob Eager, Oct 16, 2013
    #13
  14. Dave

    Dave Guest

    You made me remember now static routes etc - thanks ,

    What would be the best way to VPN in for an external extension LAN-LAN,
    Teleworker, etc I'm not sure on the best way ?

    ..
     
    Dave, Oct 17, 2013
    #14
  15. Dave

    Dave Guest

    Ah ok, I'm trying to connect in via VPN on my phone. All connects ok,
    internet access and can see the router but not the FreePBX box, this is via
    a basic 'teleworker' setup. I was this would work, so in principle I could
    have a remote extension via wifi or 3G...

    Dave
     
    Dave, Oct 19, 2013
    #15
  16. Dave

    Graham J Guest

    The teleworker setup should assign an address on the LAN to the remote
    device (your phone). So you should be able to ping all the devices on
    the LAN. Do you have ping on your phone?

    Try it with a PC as the teleworker client; that way you have the full
    range of command line tools to check the connectivity.

    What protocol & ports are used by the phone to connect to the FreePBX
    box? Are these ports carried through the VPN?
     
    Graham J, Oct 19, 2013
    #16
  17. Dave

    Dave Guest

    Yes that's what I thought, I get assigned an IP address - 192.168.1.200 I set
    as 'IP Address Assignment for Dial-In Users'. I'll try and VPN in with the
    laptop some time, I should have PING on the phone, if not I'll get one!.
    Protocol is SIP and port 5060. All works perfectly from the inside IP set to
    192.168.1.12 so can't really see why it won't work via the VPN which seems
    to be working ok ??

    Dave.
     
    Dave, Oct 19, 2013
    #17
  18. Dave

    Dave Guest

    SIP_ALG is off - no sound with it on

    No registration attempts in the logs
     
    Dave, Oct 19, 2013
    #18
  19. Dave

    Dave Guest

    I tested on a public wifi - Exeter services ! and on a BT broadband account
    so unsure of the IP address range, sorry to be vague.
     
    Dave, Oct 19, 2013
    #19
  20. Dave

    Dave Guest

    One thing that has just occurred to me, am I trying to connect to the correct
    IP address ?. How I connect from within the network the address is
    192.168.1.12 - FreePBX and 192.168.1.1 - Draytek router. Is this the same
    over the VPN ? - or am I just getting confused !
     
    Dave, Oct 19, 2013
    #20
