Some calls are being made

[brononius]

Hey,

I'm playing around with some phone & linuxMCE. At first sight, very simple (once you figure out how to put your cisco phone on SIP), and it works perfectly.
Internally, i can do some calls, to the external world it works... I've request and external number now, so waiting delivery to test incoming calls...

But when i look in my logs, from time to time, some strange entries. I'm wondering who is answering this.

• The phone calls don't make it to the outside world (000xxxx). My provider logs stay empty....
• And the calls from 101 to 101? I don't have an extension 101...

Do i need to worry about something or is this normal behaviour?

ID Calldate  Channel Source Clid Dst Disposition Duration
7.     2012-02-16 08:07:36    SIP/202-b5...    202    "device" <202>    0001520173882639    ANSWERED    00:04
8.     2012-02-16 08:07:24    SIP/202-b5...    202    "device" <202>    00020173882639    ANSWERED    00:04
9.     2012-02-16 00:56:07    SIP/178.11...    101    101    s    ANSWERED    00:13
10.     2012-02-16 00:56:05    SIP/178.11...    101    101    s    ANSWERED    00:12

[ladekribs]

Hi Brononi,

I now very little about SIP but there is a common pattern in the Dst in row 7 & 8
0001520173882639
xx00020173882639

can that be some one trying to dial with different area or coutry codes?

do you recognize the IP adress in row 9 & 10 178.11...

BR Stefan

[brononius]

Nope, the phones are in a closed room, and during night, i'm for sure that nobody will work on it...

I've put a 'pattern' for outgoing calls that don't match this (i don't allow international calls for the moment, so no 00). Th strange part in here is that i don't understand why it was answered for 4 seconds...

The IP is completely unknown by me...

[Techstyle]

I would read the many forum posts associated with asterisk being hacked then strengthen your passwords and install, i think it is called, 'fail2ban' using instructions from the wiki.