Channel: General Help - FreePBX Community Forums

Assistance request - Possible virus on PBX


@probegtze wrote:

Hi!

I need assistance figuring out what is happening on my PBX.

I recently changed my firewall/router. We were using an RV042G and upgraded to a Fortigate 60.

At first, the upgrade seemed to cause issues: we had a lot of dropped calls and call quality issues. I ended up disabling SIP ALG in the Fortigate and things were better... but not perfect.

I have noticed in the logs regular instances of this message:
[2017-08-11 14:57:03] VERBOSE[30044][C-000001a3] pbx.c: Executing [s@from-sip-external:6] Log("SIP/67.68.XXX.XXX-00000488", "WARNING,"Rejecting unknown SIP connection from 93.115.26.2"") in new stack
[2017-08-11 14:57:03] WARNING[30044][C-000001a3] Ext. s: "Rejecting unknown SIP connection from 93.115.26.2"
[2017-08-11 14:57:03] VERBOSE[30044][C-000001a3] pbx.c: Executing [s@from-sip-external:7] Answer("SIP/67.68.XXX.XXX-00000488", "") in new stack
[2017-08-11 14:57:03] VERBOSE[30044][C-000001a3] pbx.c: Executing [s@from-sip-external:8] Wait("SIP/67.68.XXX.XXX-00000488", "2") in new stack
[2017-08-11 14:57:05] VERBOSE[30044][C-000001a3] pbx.c: Executing [s@from-sip-external:9] Playback("SIP/67.68.XXX.XXX-00000488", "ss-noservice") in new stack
[2017-08-11 14:57:05] VERBOSE[30044][C-000001a3] file.c: Playing 'ss-noservice.ulaw' (language 'en')
[2017-08-11 14:57:10] VERBOSE[29425][C-000001a2] res_musiconhold.c: Started music on hold, class 'default', on channel 'SIP/507-00000486'
[2017-08-11 14:57:10] VERBOSE[30044][C-000001a3] pbx.c: Executing [s@from-sip-external:10] PlayTones("SIP/67.68.XXX.XXX-00000488", "congestion") in new stack
[2017-08-11 14:57:10] VERBOSE[30044][C-000001a3] pbx.c: Executing [s@from-sip-external:11] Congestion("SIP/67.68.XXX.XXX-00000488", "5") in new stack
[2017-08-11 14:57:15] VERBOSE[30044][C-000001a3] pbx.c: Spawn extension (from-sip-external, s, 11) exited non-zero on 'SIP/67.68.XXX.XXX-00000488'
[2017-08-11 14:57:15] VERBOSE[30044][C-000001a3] pbx.c: Executing [h@from-sip-external:1] Hangup("SIP/67.68.XXX.XXX-00000488", "") in new stack
[2017-08-11 14:57:15] VERBOSE[30044][C-000001a3] pbx.c: Spawn extension (from-sip-external, h, 1) exited non-zero on 'SIP/67.68.101.XXX-00000488'
[2017-08-11 14:57:27] VERBOSE[29425][C-000001a2] res_musiconhold.c: Stopped music on hold on SIP/507-00000486
[2017-08-11 14:57:35] WARNING[2336] chan_sip.c: Retransmission timeout reached on transmission 626a73ce2ee623cababc6d8e2ddfd01d for seqno 1 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response

XXX.XXX replaces the original IP for safety reasons.

The specialist that installed and configured the Fortigate claims that the traffic relating to the error message above is FROM our PBX, TO the outside world. The Fortigate is configured to allow UDP traffic on 5060 and 10000 - 20000 from our SIP provider's IP address range ONLY; hence, we would assume that there would be no way for 93.115.26.2 to try and contact our PBX directly.

One other detail: port 5060 answers to telnet requests, even when my Internet modem is fully disconnected. That is because my Internet supplier offers phone lines with their modems, and appears to offer said landline on their PBX answering to telnet requests from the outside world. The Fortigate specialist suggests changing the listening port to isolate our PBX from BELL's system.

I would like to hear suggestions on how to resolve my issue. You may very well need more information on my part: please do not hesitate to ask! Make sure you are precise in your requests, as I'm not a VoIP expert. I can navigate in Linux and am familiar with FreePBX, but that's pretty much it.

Thanks!!

Posts: 4

Participants: 3
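One way to check the firewall claim against the PBX's own log is to tally the "Rejecting unknown SIP connection" warnings by source address and compare them with the SIP provider's range. This is an added example, not part of the original post; the provider range 198.51.100.0/24 and every sample line except the first are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# WARNING line logged from the from-sip-external context (format as in the post).
REJECT_RE = re.compile(
    r'^\[(?P<ts>[\d-]+ [\d:]+)\] WARNING\[\d+\](?:\[C-[0-9a-f]+\])? '
    r'Ext\. s: "Rejecting unknown SIP connection from (?P<ip>[0-9a-fA-F.:]+)"'
)

PROVIDER_CIDRS = ["198.51.100.0/24"]  # assumption: placeholder for the provider's range

# First line is from the post; the remaining lines are constructed for the example.
SAMPLE_LOG = '''
[2017-08-11 14:57:03] WARNING[30044][C-000001a3] Ext. s: "Rejecting unknown SIP connection from 93.115.26.2"
[2017-08-11 14:57:05] VERBOSE[30044][C-000001a3] file.c: Playing 'ss-noservice.ulaw' (language 'en')
[2017-08-11 15:02:41] WARNING[30102][C-000001a4] Ext. s: "Rejecting unknown SIP connection from 93.115.26.2"
[2017-08-11 15:10:09] WARNING[30157][C-000001a5] Ext. s: "Rejecting unknown SIP connection from 198.51.100.10"
'''

def summarize_rejections(lines, allowed_cidrs):
    """Group rejected SIP sources by IP; mark whether each is in allowed_cidrs."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    seen = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        m = REJECT_RE.match(line.strip())
        if not m:
            continue  # not a rejection warning
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address in the log line
        entry = seen[str(ip)]
        entry["count"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
        entry["allowed"] = any(ip in n for n in nets)
    return dict(seen)

def unexpected_sources(summary):
    """Sources the firewall policy, as described, should never have let through."""
    return sorted(ip for ip, e in summary.items() if not e["allowed"])

if __name__ == "__main__":
    summary = summarize_rejections(SAMPLE_LOG.splitlines(), PROVIDER_CIDRS)
    for ip in unexpected_sources(summary):
        e = summary[ip]
        print(f"{ip}: {e['count']} rejections, {e['first']} to {e['last']}")
```

Any address this reports outside the provider range is worth correlating with the firewall's own session log for the same timestamps.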
