LinuxMCE Forums
General => Installation issues => Topic started by: brononius on February 17, 2012, 10:41:59 am
-
Hey,
I'm playing around with some phone & linuxMCE. At first sight, very simple (once you figure out how to put your cisco phone on SIP), and it works perfectly.
Internally, i can do some calls, to the external world it works... I've request and external number now, so waiting delivery to test incoming calls...
But when i look in my logs, from time to time, some strange entries. I'm wondering who is answering this.
- The phone calls don't make it to the outside world (000xxxx). My provider logs stay empty....
- And the calls from 101 to 101? I don't have an extension 101...
Do i need to worry about something or is this normal behaviour?
ID Calldate Channel Source Clid Dst Disposition Duration
7. 2012-02-16 08:07:36 SIP/202-b5... 202 "device" <202> 0001520173882639 ANSWERED 00:04
8. 2012-02-16 08:07:24 SIP/202-b5... 202 "device" <202> 00020173882639 ANSWERED 00:04
9. 2012-02-16 00:56:07 SIP/178.11... 101 101 s ANSWERED 00:13
10. 2012-02-16 00:56:05 SIP/178.11... 101 101 s ANSWERED 00:12
-
Hi Brononi,
I now very little about SIP but there is a common pattern in the Dst in row 7 & 8
0001520173882639
xx00020173882639
can that be some one trying to dial with different area or coutry codes?
do you recognize the IP adress in row 9 & 10 178.11...
BR Stefan
-
Nope, the phones are in a closed room, and during night, i'm for sure that nobody will work on it...
I've put a 'pattern' for outgoing calls that don't match this (i don't allow international calls for the moment, so no 00). Th strange part in here is that i don't understand why it was answered for 4 seconds...
The IP is completely unknown by me...
-
I would read the many forum posts associated with asterisk being hacked then strengthen your passwords and install, i think it is called, 'fail2ban' using instructions from the wiki.