Author Topic: Some calls are being made  (Read 3477 times)

brononius

  • Guru
  • ****
  • Posts: 454
  • Trying to keep it simple and centralized...
    • View Profile
    • OnIrIa - linuxMCE blog
Some calls are being made
« on: February 17, 2012, 10:41:59 am »
Hey,

I'm playing around with some phone & linuxMCE. At first sight, very simple (once you figure out how to put your cisco phone on SIP), and it works perfectly.
Internally, i can do some calls, to the external world it works... I've request and external number now, so waiting delivery to test incoming calls...

But when i look in my logs, from time to time, some strange entries. I'm wondering who is answering this.
  • The phone calls don't make it to the outside world (000xxxx). My provider logs stay empty....
  • And the calls from 101 to 101? I don't have an extension 101...
Do i need to worry about something or is this normal behaviour?

ID Calldate  Channel Source Clid Dst Disposition Duration
7.     2012-02-16 08:07:36    SIP/202-b5...    202    "device" <202>    0001520173882639    ANSWERED    00:04
8.     2012-02-16 08:07:24    SIP/202-b5...    202    "device" <202>    00020173882639    ANSWERED    00:04
9.     2012-02-16 00:56:07    SIP/178.11...    101    101    s    ANSWERED    00:13
10.     2012-02-16 00:56:05    SIP/178.11...    101    101    s    ANSWERED    00:12
Version: linuxMCE 1404, running virtual on ESXi

Orbiters: ASUS eeePAD, Nexus 5, Huwai, web
Automation: EIB technology, KNX IP ROUTER 750
Phones: Cisco 7912-7940-7960
Camera's: Foscam POE

ladekribs

  • Veteran
  • ***
  • Posts: 86
    • View Profile
Re: Some calls are being made
« Reply #1 on: February 17, 2012, 12:08:39 pm »
Hi Brononi,

I now very little about SIP but there is a common pattern in the Dst in row 7 & 8
0001520173882639
xx00020173882639

can that be some one trying to dial with different area or coutry codes?

do you recognize the IP adress in row 9 & 10 178.11...

BR Stefan

brononius

  • Guru
  • ****
  • Posts: 454
  • Trying to keep it simple and centralized...
    • View Profile
    • OnIrIa - linuxMCE blog
Re: Some calls are being made
« Reply #2 on: February 17, 2012, 12:48:10 pm »
Nope, the phones are in a closed room, and during night, i'm for sure that nobody will work on it...

I've put a 'pattern' for outgoing calls that don't match this (i don't allow international calls for the moment, so no 00). Th strange part in here is that i don't understand why it was answered for 4 seconds...

The IP is completely unknown by me...
Version: linuxMCE 1404, running virtual on ESXi

Orbiters: ASUS eeePAD, Nexus 5, Huwai, web
Automation: EIB technology, KNX IP ROUTER 750
Phones: Cisco 7912-7940-7960
Camera's: Foscam POE

Techstyle

  • Addicted
  • *
  • Posts: 674
    • View Profile
    • Techstyle UK Ltd.
Re: Some calls are being made
« Reply #3 on: February 17, 2012, 02:35:39 pm »
I would read the many forum posts associated with asterisk being hacked then strengthen your passwords and install, i think it is called, 'fail2ban' using instructions from the wiki.