Adtran
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
seanm
New Contributor
‎02-07-2013 08:18 AM

Sip user-registration

Jump to solution

I have a customer that called in stating they are intermittently unable to make calls.  I logged into their 908 and I see an error message that continuously scrolls in my session.  Below is the error message I am seeing.  I also noticed that there are 4 sip user extensions that have been created.  The customer claims they are going out the t1 0/3 interfce to a shoretel 220T1A.  I'm not very familiar with that product, but he claims he is going out of it analog and has no softphones connected on his side.  I deleted the 4 users that were created yesterday, but 4 different ones have created this morning.

Error message

2013.02.07 08:53:15 SIP.STACK ERROR  MSGBUILDER   SIP Pre-Parser Error (UDP) :

Sip users

EXTENSION  TYPE                           IP ADDRESS       PORT  PROT EXPIRES

---------- ------------------------------ ---------------- ----- ---- -------

556624101  (Unknown)                      198.175.125.108  5063  UDP  2491

556624102  (Unknown)                      198.175.125.108  5062  UDP  1879

556624103  (Unknown)                      198.175.125.108  5061  UDP  553

556624104  (Unknown)                      198.175.125.108  5060  UDP  1743

Thank you,

Sean

0 Kudos
Reply
1 Solution

Accepted Solutions
Anonymous
Not applicable
‎02-15-2013 12:13 PM

Re: Sip user-registration

Jump to solution

Seanm,

Thanks for posting!  You may want to check the output of "debug sip stack messages" to see what device is sending SIP messages with errors and also see exactly what is attempting to register to the Adtran unit and when that is occurring.  You may want to check and see if "ip sip registrar" is configured, and if so, disable it with "no ip sip registrar".

One last thing you may want to consider setting up is a SIP access class.  Below is an example.

ip access-list standard My_SIP_Server

  permit host 192.168.1.1

!

ip sip access-class My_SIP_Server in

This configuration example ensures that only SIP traffic from 192.168.1.1 is allowed to reach the unit.  You would of course need to use the IP addresses of your SIP servers in the ACL.  Feel free to respond to this post if you have any questions.

Thanks!

David

View solution in original post

0 Kudos
Reply
6 Replies
Anonymous
Not applicable
‎02-07-2013 08:35 AM

Re: Sip user-registration

Jump to solution

It sounds like the system may have been hacked and someone created SIP extensions to make outbound calls.

Can the system be logged into from the public internet?

Are you using a strong user name and password?

You may want to change the username and password and then delete the SIP users and see if the problem is fixed.

0 Kudos
Accept as Solution Reply
seanm
New Contributor
‎02-07-2013 08:39 AM

Re: Sip user-registration

Jump to solution

Are you referring to my 908e, or the customer's shoretel?  I have no access to their equipment, just our's.  Is there any way to prevent sip users from being created?

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎02-07-2013 08:42 AM

Re: Sip user-registration

Jump to solution

I'm referring to the 908e.

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎02-15-2013 12:13 PM

Re: Sip user-registration

Jump to solution

Seanm,

Thanks for posting!  You may want to check the output of "debug sip stack messages" to see what device is sending SIP messages with errors and also see exactly what is attempting to register to the Adtran unit and when that is occurring.  You may want to check and see if "ip sip registrar" is configured, and if so, disable it with "no ip sip registrar".

One last thing you may want to consider setting up is a SIP access class.  Below is an example.

ip access-list standard My_SIP_Server

  permit host 192.168.1.1

!

ip sip access-class My_SIP_Server in

This configuration example ensures that only SIP traffic from 192.168.1.1 is allowed to reach the unit.  You would of course need to use the IP addresses of your SIP servers in the ACL.  Feel free to respond to this post if you have any questions.

Thanks!

David

0 Kudos
Reply
Anonymous
Not applicable
‎02-22-2013 02:23 PM

Re: Sip user-registration

Jump to solution

Seanm,

I wanted to check back with you to see if you were still experiencing the problem.  If so, feel free to post any follow up questions you may have.  If not, feel free to mark any of the responses as correct or helpful.

Thanks!

David

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎02-28-2013 11:08 AM

Re: Sip user-registration

Jump to solution

Seanm,

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

David


0 Kudos
Accept as Solution Reply