I know this has been posted before, but I think this is a rather unique situation. One of my providers is a provider of providers, if you will, in that they route through many carriers. So when I try to create an access list for them to block this from happening:
Tx: UDP src=192.192.192.192:5060 dst=192.227.153.226:56221
07:00:15.533 SIP.STACK MSG SIP/2.0 404 Not Found
07:00:15.534 SIP.STACK MSG From: <sip:102@192.192.192.192,>;tag=1160685063
07:00:15.534 SIP.STACK MSG To: <sip:927498772915350@192.192.192.192>;tag=4d0f5a28-7f000001-13c4-38199-903c494b-38199
07:00:15.534 SIP.STACK MSG Call-ID: 1763559016-137564200-1924688624
07:00:15.534 SIP.STACK MSG CSeq: 1 INVITE
07:00:15.534 SIP.STACK MSG Via: SIP/2.0/UDP 0.0.0.0:56221;received=192.227.153.226;branch=z9hG4bK1374599745
07:00:15.534 SIP.STACK MSG Supported: 100rel,replaces
07:00:15.535 SIP.STACK MSG Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, PRACK, REFER, REGISTER
07:00:15.535 SIP.STACK MSG User-Agent: ADTRAN_Total_Access_908e_3rd_Gen/R11.4.4.E
07:00:15.535 SIP.STACK MSG Content-Length: 0
I block all of the carriers behind my carrier. I have roughly 6 or 7 IP addresses with which to block them, and it takes the system down.
Any other ideas? Carrier is anveodirect.
These guys are constantly trying to route calls through my system. My carrier uses DNIS for authentication.
Can someone have a glance at this config I wrote up and see if this looks like a better solution for locking this down? Looks like 5060-5069 was needed for sessions to properly go through. I left the show run voice portion of it out so it would be easier to read. 5.4.3.2 is outside, 1.2.3.4 is inside. Thanks in advance!
hostname "MYADTRANADTRAN"
enable password encrypted
!
license key esbc-trial
!
clock timezone -6-Central-Time
!
ip subnet-zero
ip classless
ip routing
ipv6 unicast-routing
!
!
domain-proxy
name-server 8.8.8.8 4.2.2.2
!
!
no auto-config
auto-config authname adtran encrypted password
!
event-history on
no logging forwarding
no logging email
!
service password-encryption
!
username "admin" password encrypted "000c"
username "enable" password encrypted "000"
!
!
ip firewall
ip firewall stealth
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!
!
!
!
!
!
!
!
no dot11ap access-point-control
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
qos map Voice 10
match dscp 46
priority 800
!
qos map eth0/1QosWizard 20
match dscp 46
shape average 4194304
qos map eth0/1QosWizard 21
match ip list acleth0/1QosWizSignal21
set dscp 26
!
!
!
!
interface eth 0/1
description outside
ip address 5.4.3.2 255.255.255.248
ip access-policy Public
media-gateway ip primary
traffic-shape rate 1000000
max-reserved-bandwidth 100
qos-policy out eth0/1QosWizard
no shutdown
!
!
interface eth 0/2
description inside
ip address 1.2.3.4 255.255.255.0
ip access-policy Private
media-gateway ip primary
no shutdown
!
!
!
!
interface t1 0/1
shutdown
!
interface t1 0/2
shutdown
!
interface t1 0/3
shutdown
!
interface t1 0/4
shutdown
!
!
interface fxs 0/1
no shutdown
!
interface fxs 0/2
no shutdown
!
interface fxs 0/3
no shutdown
!
interface fxs 0/4
no shutdown
!
interface fxs 0/5
no shutdown
!
interface fxs 0/6
no shutdown
!
interface fxs 0/7
no shutdown
!
interface fxs 0/8
no shutdown
!
!
interface fxo 0/0
shutdown
!
!
!
!
!
!
!
!
ip access-list standard admin-list
permit 1.2.3.0 0.0.0.255
permit 1.2.3.4 0.0.0.255
!
ip access-list standard sip-access-list
permit host 5.4.3.2
permit 1.2.3.4 0.0.0.255
!
!
ip access-list extended acleth0/1QosWizSignal21
permit udp any any eq 5060-5069
!
ip access-list extended Admin
permit tcp any any eq ssh
permit tcp any any eq https
!
ip access-list extended BLOCK
deny ip 5.62.0.0 0.0.255.255 any log
!
ip access-list extended MatchAll
permit ip any any
!
ip access-list extended SIP
permit udp any any eq 5060-5069
!
!
!
!
ip policy-class Private
allow list MatchAll self
nat source list MatchAll interface eth 0/1 overload
!
ip policy-class Public
allow list SIP self
allow list Admin self
!
!
!
ip route 0.0.0.0 0.0.0.0 1.2.3.4
!
no tftp server
no tftp server overwrite
no http server
http session-limit 1
http secure-server
no snmp agent
no ip ftp server
no ip scp server
no ip sntp server
!
http ip access-class admin-list in
http ip secure-access-class admin-list in
!
!
!
!
!
!
!
sip
sip udp 5060
no sip tcp
!
!
!
voice feature-mode network
voice transfer-mode local
voice forward-mode network
!
!
!
!
!
!
!
!
!
!
!
!
voice codec-list CodecList
codec g711ulaw
codec g729
!
voice codec-list CodeList
!
voice codec-list G711u
codec g711ulaw
!
!
!
voice trunk T01 type sip (voice trunk config starts here, it is fine... removed)
voice trunking end
!
!
!
!
!
!
!
!
!
sip privacy
!
sip access-class ip "sip-access-list" in
!
!
!
!
!
!
!
!
!
!
no sip prefer double-reinvite
!
!
!
!
!
!
ip rtp symmetric-filter
ip rtp media-anchoring
!
!
ip rtp quality-monitoring
ip rtp quality-monitoring udp
ip rtp quality-monitoring sip
!
line con 0
no login
!
line telnet 0 4
login
password encrypted 444
shutdown
line ssh 0 4
login local-userlist
no shutdown
ip access-class admin-list in
!
!
ntp source ethernet 0/2
ntp peer 216.239.35.4 source ethernet 0/1 prefer
!
!
!
end
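One way to turn the SIP.STACK trace format shown at the top of the thread into something actionable, as an added example that is not part of the original post and not ADTRAN's own tooling: a small Python script that groups the `SIP.STACK MSG` lines into messages, counts the INVITEs the gateway answered with a 4xx/5xx/6xx per remote address, flags two scanner tells that are visible in the posted trace (a Via host of 0.0.0.0, and a callee user that is a long digit string, which is what a dial-through probe looks like), and prints `deny` entries in the same syntax as the poster's `ip access-list extended BLOCK`. The sample trace, the threshold of two rejected INVITEs and both heuristics are constructed assumptions for illustration; 192.192.192.192 stands in for the gateway as it does in the post.

```python
"""Turn an ADTRAN SIP.STACK trace into block-list entries.

Added example, not part of the original post or of ADTRAN AOS. The sample
trace, the threshold and the heuristics are constructed assumptions.
"""
import re
from collections import defaultdict

# Constructed sample in the poster's trace format: two rejected INVITEs from
# one probing host, then one legitimate call that completed.
SAMPLE_LOG = """\
Tx: UDP src=192.192.192.192:5060 dst=192.227.153.226:56221
07:00:15.533 SIP.STACK MSG SIP/2.0 404 Not Found
07:00:15.534 SIP.STACK MSG From: <sip:102@192.192.192.192>;tag=1160685063
07:00:15.534 SIP.STACK MSG To: <sip:927498772915350@192.192.192.192>;tag=4d0f5a28
07:00:15.534 SIP.STACK MSG Call-ID: 1763559016-137564200-1924688624
07:00:15.534 SIP.STACK MSG CSeq: 1 INVITE
07:00:15.534 SIP.STACK MSG Via: SIP/2.0/UDP 0.0.0.0:56221;received=192.227.153.226;branch=z9hG4bK1374599745
07:00:15.535 SIP.STACK MSG Content-Length: 0
Tx: UDP src=192.192.192.192:5060 dst=192.227.153.226:56221
07:00:16.101 SIP.STACK MSG SIP/2.0 404 Not Found
07:00:16.101 SIP.STACK MSG To: <sip:0011927498772915350@192.192.192.192>;tag=4d0f5a29
07:00:16.101 SIP.STACK MSG CSeq: 1 INVITE
07:00:16.101 SIP.STACK MSG Via: SIP/2.0/UDP 0.0.0.0:56221;received=192.227.153.226;branch=z9hG4bK1374599746
07:00:16.101 SIP.STACK MSG Content-Length: 0
Tx: UDP src=192.192.192.192:5060 dst=203.0.113.10:5060
07:01:02.010 SIP.STACK MSG SIP/2.0 200 OK
07:01:02.010 SIP.STACK MSG To: <sip:5551212@192.192.192.192>;tag=9a1
07:01:02.010 SIP.STACK MSG CSeq: 2 INVITE
07:01:02.010 SIP.STACK MSG Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bK55
07:01:02.010 SIP.STACK MSG Content-Length: 0
"""

ENVELOPE = re.compile(r"^(Tx|Rx): UDP src=([\d.]+):\d+ dst=([\d.]+):\d+$")
STACK = re.compile(r"^\d\d:\d\d:\d\d\.\d+ SIP\.STACK MSG (.*)$")


def parse_messages(text):
    """Group trace lines into messages: {'dir', 'remote', 'lines'}.
    For a Tx line the remote peer is the dst; for Rx it is the src."""
    msgs = []
    for line in text.splitlines():
        m = ENVELOPE.match(line)
        if m:
            direction, src, dst = m.groups()
            remote = dst if direction == "Tx" else src
            msgs.append({"dir": direction, "remote": remote, "lines": []})
            continue
        m = STACK.match(line)
        if m and msgs:
            msgs[-1]["lines"].append(m.group(1))
    return msgs


def header(lines, name):
    """Value of the first header called `name` (case-insensitive), or None."""
    prefix = name.lower() + ":"
    for line in lines:
        if line.lower().startswith(prefix):
            return line.split(":", 1)[1].strip()
    return None


def analyze(msgs):
    """Per remote IP: INVITE transactions the gateway answered with a
    4xx/5xx/6xx, plus heuristic scanner tells seen in its messages."""
    stats = defaultdict(lambda: {"rejected": 0, "hints": set()})
    for msg in msgs:
        if not msg["lines"]:
            continue
        status = re.match(r"SIP/2\.0 (\d)\d\d", msg["lines"][0])
        cseq = header(msg["lines"], "CSeq") or ""
        if not (status and cseq.endswith("INVITE")):
            continue  # only final responses to INVITEs matter here
        entry = stats[msg["remote"]]
        if status.group(1) in "456":
            entry["rejected"] += 1
        # Heuristic 1 (assumed): a Via host of 0.0.0.0, as in the posted
        # trace, is typical of scanning tools rather than a carrier SBC.
        if "/UDP 0.0.0.0:" in (header(msg["lines"], "Via") or ""):
            entry["hints"].add("via-host-0.0.0.0")
        # Heuristic 2 (assumed): a callee user that is a long digit string
        # (international prefix plus number) looks like a dial-through probe.
        m = re.search(r"sip:\+?(\d+)@", header(msg["lines"], "To") or "")
        if m and len(m.group(1)) > 10:
            entry["hints"].add("long-digit-callee")
    return stats


def deny_lines(stats, threshold=2):
    """ACL entries for peers at or above the threshold, in the syntax of the
    poster's `ip access-list extended BLOCK` list."""
    return [f"deny ip host {ip} any log"
            for ip in sorted(stats) if stats[ip]["rejected"] >= threshold]


if __name__ == "__main__":
    report = analyze(parse_messages(SAMPLE_LOG))
    for ip, entry in sorted(report.items()):
        print(f"{ip}: {entry['rejected']} rejected INVITEs, hints={sorted(entry['hints'])}")
    print("\n".join(deny_lines(report)))
```

Two points on using the output. First, in the posted config the BLOCK list is defined but no policy-class references it; as far as I know AOS only enforces an access list through a policy-class entry (a `discard list BLOCK` line in the Public policy-class placed before `allow list SIP self`, if I have the AOS syntax right), so emitted entries do nothing on their own. Second, the script keys on the envelope address rather than the Via `received=` parameter; in the sample they agree, but a script fed Rx lines from a SIP proxy in front of the gateway would need to prefer `received=`.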