Line hacking on a 3CX server

General - 3CX Phone System, VoIP & SIP support (community-led), user to user - Answers come from the community. 3CX DOES NOT PROVIDE technical support through this forum.

Moderators: kevin, 3CX staff


Post by Kotska » Mon Sep 20, 2010 5:36 am

Hello, my line is being hacked; how do I stop this?

For now I have physically unplugged the telephone line from the Livebox to prevent the calls from being routed.
Last month, the calls were going out through OVH's SIP lines. I blocked calls to mobiles and international numbers at OVH, and now they go out through the Livebox that I use as a fax line...
The phone numbers go to Somalia, Egypt .... and I have never called there.

Thank you for your help.

90.8.177.23 => Internet IP
192.168.1.32 => 3CX server IP
192.168.1.88 => SPA3102 IP, landline
192.168.1.89 => SPA3102 IP, Livebox VoIP line
EXT 101 => phone on the landline

3CX server log

05:43:13.152 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
05:23:13.074 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
05:03:12.839 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
04:43:12.605 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
04:23:12.167 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
04:03:12.089 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
03:43:11.949 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
03:23:11.933 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
03:03:11.870 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
02:43:11.699 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
02:24:45.495 [CM504002]: Ext.101: a contact is unregistered. Contact(s): [sip:101@41.153.62.166:64376;rinstance=4afe0a918baecd67/101,sip:101@192.168.1.88:5060/101]
02:24:45.480 [CM504002]: Ext.101: a contact is unregistered. Contact(s): [sip:101@41.64.217.101:10000/101,sip:101@41.153.62.166:64376;rinstance=4afe0a918baecd67/101,sip:101@192.168.1.88:5060/101]
02:23:57.699 [CM503008]: Call(583): Call is terminated
02:23:57.636 [CM503020]: Normal call termination. Reason: Server Failure
02:23:57.636 [CM503016]: Call(583): Attempt to reach "0020191212179"<sip:0020191212179@90.8.177.23> failed. Reason: Server Failure
02:23:57.636 [CM503003]: Call(583): Call to sip:0020191212179@192.168.1.89:5063 has failed; Cause: 503 Service Unavailable; from IP:192.168.1.89:5063
02:23:57.605 [CM503025]: Call(583): Calling PSTNline:0020191212179@(Ln.10704@FAX)@[Dev:sip:10704@192.168.1.89:5063]
02:23:57.574 [CM503004]: Call(583): Route 1: PSTNline:0020191212179@(Ln.10704@FAX)@[Dev:sip:10704@192.168.1.89:5063]
02:23:57.511 [CM503010]: Making route(s) to "0020191212179"<sip:0020191212179@90.8.177.23>
02:23:57.480 [CM505001]: Ext.101: Device info: Device Identified: [Man: Counterpath;Mod: X-Lite;Rev: General] Capabilities:[reinvite, no-replaces, unable-no-sdp, recvonly] UserAgent: [X-Lite release 1104o stamp 56125] PBX contact: [sip:101@90.8.177.23:5060]
02:23:57.464 [CM503001]: Call(583): Incoming call from Ext.101 to "0020191212179"<sip:0020191212179@90.8.177.23>
02:23:51.667 [CM504001]: Ext.101: new contact is registered. Contact(s): [sip:101@41.64.217.101:10000/101,sip:101@41.153.62.166:64376;rinstance=4afe0a918baecd67/101,sip:101@192.168.1.88:5060/101,sip:101@41.64.217.101:10003/101]
02:23:11.683 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
02:03:11.636 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
01:43:11.449 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
01:23:11.402 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
01:03:11.386 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
00:43:11.245 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
00:23:11.230 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
00:03:11.230 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
23:43:10.886 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
23:23:10.792 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
23:03:10.714 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
22:43:10.370 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
22:23:13.386 [CM506004]: STUN request to STUN server 96.9.132.83:3478 has timed out; used Transport: 192.168.1.32:5060
22:23:10.370 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
22:08:54.152 [CM504001]: Ext.101: new contact is registered. Contact(s): [sip:101@196.218.172.187:5062/101,sip:101@41.64.217.101:10000/101,sip:101@41.153.214.60:8918/101,sip:101@41.64.215.160:10007/101,sip:101@192.168.1.88:5060/101,sip:101@41.64.215.160:10001/101,sip:101@10.98.2.7:8326/101,sip:101@41.64.217.101:10003/101]
22:08:51.917 [CM504001]: Ext.101: new contact is registered. Contact(s): [sip:101@196.218.172.187:5062/101,sip:101@41.153.214.60:8918/101,sip:101@41.64.215.160:10007/101,sip:101@192.168.1.88:5060/101,sip:101@41.64.215.160:10001/101,sip:101@10.98.2.7:8326/101,sip:101@41.64.217.101:10003/101]
22:03:10.292 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
22:00:16.636 [CM504002]: Ext.101: a contact is unregistered. Contact(s): [sip:101@196.218.172.187:5062/101,sip:101@41.153.214.60:8918/101,sip:101@41.64.215.160:10007/101,sip:101@192.168.1.88:5060/101,sip:101@41.233.84.58:19418;rinstance=3d392ea46f180a94/101,sip:101@41.64.215.160:10001/101,sip:101@41.233.84.58:26172;rinstance=ead5be619aa41586/101,sip:101@10.98.2.7:8326/101]
21:57:34.964 [CM503008]: Call(582): Call is terminated
21:57:34.902 [CM503020]: Normal call termination. Reason: Server Failure
21:57:34.902 [CM503016]: Call(582): Attempt to reach "0020191212179"<sip:0020191212179@90.8.177.23> failed. Reason: Server Failure
21:57:34.902 [CM503003]: Call(582): Call to sip:0020191212179@192.168.1.89:5063 has failed; Cause: 503 Service Unavailable; from IP:192.168.1.89:5063
21:57:34.808 [CM503025]: Call(582): Calling PSTNline:0020191212179@(Ln.10704@FAX)@[Dev:sip:10704@192.168.1.89:5063]
21:57:34.745 [CM503004]: Call(582): Route 1: PSTNline:0020191212179@(Ln.10704@FAX)@[Dev:sip:10704@192.168.1.89:5063]
21:57:34.699 [CM503010]: Making route(s) to "0020191212179"<sip:0020191212179@90.8.177.23>
21:57:34.683 [CM505001]: Ext.101: Device info: Device Identified: [Man: Counterpath;Mod: X-Lite;Rev: General] Capabilities:[reinvite, no-replaces, unable-no-sdp, recvonly] UserAgent: [X-Lite release 1104o stamp 56125] PBX contact: [sip:101@90.8.177.23:5060]
21:57:34.667 [CM503001]: Call(582): Incoming call from Ext.101 to "0020191212179"<sip:0020191212179@90.8.177.23>
21:56:53.230 [CM504001]: Ext.101: new contact is registered. Contact(s): [sip:101@196.218.172.187:5062/101,sip:101@41.153.214.60:8918/101,sip:101@41.64.215.160:10007/101,sip:101@192.168.1.88:5060/101,sip:101@41.233.84.58:19418;rinstance=3d392ea46f180a94/101,sip:101@41.64.215.160:10001/101,sip:101@41.233.84.58:26172;rinstance=ead5be619aa41586/101,sip:101@10.98.2.7:8326/101,sip:101@41.153.214.60:37648;rinstance=4eab4cb7dda64649/101]
21:56:27.183 [CM503008]: Call(581): Call is terminated
21:56:27.152 [CM503020]: Normal call termination. Reason: Server Failure
21:56:27.152 [CM503016]: Call(581): Attempt to reach <sip:0020191212179@90.8.177.23> failed. Reason: Server Failure
21:56:27.152 [CM503003]: Call(581): Call to sip:0020191212179@192.168.1.89:5063 has failed; Cause: 503 Service Unavailable; from IP:192.168.1.89:5063
21:56:27.089 [CM503025]: Call(581): Calling PSTNline:0020191212179@(Ln.10704@FAX)@[Dev:sip:10704@192.168.1.89:5063]
21:56:27.058 [CM503004]: Call(581): Route 1: PSTNline:0020191212179@(Ln.10704@FAX)@[Dev:sip:10704@192.168.1.89:5063]
21:56:27.011 [CM503010]: Making route(s) to <sip:0020191212179@90.8.177.23>
21:56:27.011 [CM505001]: Ext.101: Device info: Device Identified: [Man: Counterpath;Mod: eyeBeam;Rev: General] Capabilities:[reinvite, no-replaces, unable-no-sdp, recvonly] UserAgent: [eyeBeam release 3006o stamp 17551] PBX contact: [sip:101@90.8.177.23:5060]
21:56:26.995 [CM503001]: Call(581): Incoming call from Ext.101 to <sip:0020191212179@90.8.177.23>
21:55:56.589 [CM503008]: Call(580): Call is terminated
21:55:56.527 [CM503020]: Normal call termination. Reason: Server Failure
21:55:56.527 [CM503016]: Call(580): Attempt to reach <sip:002522160297@90.8.177.23> failed. Reason: Server Failure
21:55:56.527 [CM503003]: Call(580): Call to sip:002522160297@192.168.1.89:5063 has failed; Cause: 503 Service Unavailable; from IP:192.168.1.89:5063
21:55:56.495 [CM503025]: Call(580): Calling PSTNline:002522160297@(Ln.10704@FAX)@[Dev:sip:10704@192.168.1.89:5063]
21:55:56.433 [CM503004]: Call(580): Route 1: PSTNline:002522160297@(Ln.10704@FAX)@[Dev:sip:10704@192.168.1.89:5063]
21:55:56.386 [CM503010]: Making route(s) to <sip:002522160297@90.8.177.23>
21:55:56.386 [CM505001]: Ext.101: Device info: Device Identified: [Man: Counterpath;Mod: eyeBeam;Rev: General] Capabilities:[reinvite, no-replaces, unable-no-sdp, recvonly] UserAgent: [eyeBeam release 3006o stamp 17551] PBX contact: [sip:101@90.8.177.23:5060]
21:55:56.370 [CM503001]: Call(580): Incoming call from Ext.101 to <sip:002522160297@90.8.177.23>
21:55:39.027 [CM504001]: Ext.101: new contact is registered. Contact(s): [sip:101@196.218.172.187:5062/101,sip:101@41.153.214.60:8918/101,sip:101@41.64.215.160:10007/101,sip:101@192.168.1.88:5060/101,sip:101@41.233.84.58:19418;rinstance=3d392ea46f180a94/101,sip:101@41.64.215.160:10001/101,sip:101@41.233.84.58:26172;rinstance=ead5be619aa41586/101,sip:101@10.98.2.7:8326/101]
21:53:56.464 [CM504002]: Ext.101: a contact is unregistered. Contact(s): [sip:101@196.218.172.187:5062/101,sip:101@41.64.215.160:10007/101,sip:101@192.168.1.88:5060/101,sip:101@41.233.84.58:19418;rinstance=3d392ea46f180a94/101,sip:101@41.64.215.160:10001/101,sip:101@41.233.84.58:26172;rinstance=ead5be619aa41586/101,sip:101@10.98.2.7:8326/101]
21:52:36.714 [CM504001]: Ext.101: new contact is registered. Contact(s): [sip:101@41.153.214.60:15846;rinstance=82f037bdbabe7647/101,sip:101@196.218.172.187:5062/101,sip:101@41.64.215.160:10007/101,sip:101@192.168.1.88:5060/101,sip:101@41.233.84.58:19418;rinstance=3d392ea46f180a94/101,sip:101@41.64.215.160:10001/101,sip:101@41.233.84.58:26172;rinstance=ead5be619aa41586/101,sip:101@10.98.2.7:8326/101]
21:43:09.980 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060
21:36:32.964 [CM504002]: Ext.101: a contact is unregistered. Contact(s): [sip:101@196.218.172.187:5062/101,sip:101@41.64.215.160:10007/101,sip:101@192.168.1.88:5060/101,sip:101@41.233.84.58:19418;rinstance=3d392ea46f180a94/101,sip:101@41.64.215.160:10001/101,sip:101@41.233.84.58:26172;rinstance=ead5be619aa41586/101,sip:101@10.98.2.7:8326/101]
21:36:10.917 [CM503008]: Call(579): Call is terminated
21:36:10.886 [CM503020]: Normal call termination. Reason: Not found
21:36:10.886 [CM503016]: Call(579): Attempt to reach "80020226400475"<sip:80020226400475@90.8.177.23> failed. Reason: Not Found
21:36:10.870 [CM503014]: Call(579): No known route to target: "80020226400475"<sip:80020226400475@90.8.177.23>
21:36:10.839 [CM503010]: Making route(s) to "80020226400475"<sip:80020226400475@90.8.177.23>
21:36:10.824 [CM505001]: Ext.101: Device info: Device Identified: [Man: Counterpath;Mod: X-Lite;Rev: General] Capabilities:[reinvite, no-replaces, unable-no-sdp, recvonly] UserAgent: [X-Lite release 1103k stamp 53621] PBX contact: [sip:101@90.8.177.23:5060]
21:36:10.808 [CM503001]: Call(579): Incoming call from Ext.101 to "80020226400475"<sip:80020226400475@90.8.177.23>
21:36:04.792 [CM503008]: Call(578): Call is terminated
21:36:04.745 [CM503020]: Normal call termination. Reason: Not found
21:36:04.745 [CM503016]: Call(578): Attempt to reach "90020226400475"<sip:90020226400475@90.8.177.23> failed. Reason: Not Found
21:36:04.745 [CM503014]: Call(578): No known route to target: "90020226400475"<sip:90020226400475@90.8.177.23>
21:36:04.699 [CM503010]: Making route(s) to "90020226400475"<sip:90020226400475@90.8.177.23>
21:36:04.699 [CM505001]: Ext.101: Device info: Device Identified: [Man: Counterpath;Mod: X-Lite;Rev: General] Capabilities:[reinvite, no-replaces, unable-no-sdp, recvonly] UserAgent: [X-Lite release 1103k stamp 53621] PBX contact: [sip:101@90.8.177.23:5060]
21:36:04.683 [CM503001]: Call(578): Incoming call from Ext.101 to "90020226400475"<sip:90020226400475@90.8.177.23>
21:35:59.730 [CM504001]: Ext.101: new contact is registered. Contact(s): [sip:101@41.233.84.58:48498;rinstance=faebb973323d16f1/101,sip:101@196.218.172.187:5062/101,sip:101@41.64.215.160:10007/101,sip:101@192.168.1.88:5060/101,sip:101@41.233.84.58:19418;rinstance=3d392ea46f180a94/101,sip:101@41.64.215.160:10001/101,sip:101@41.233.84.58:26172;rinstance=ead5be619aa41586/101,sip:101@10.98.2.7:8326/101]
21:35:50.386 [CM503008]: Call(577): Call is terminated
21:35:50.324 [CM503020]: Normal call termination. Reason: Server Failure
21:35:50.324 [CM503016]: Call(577): Attempt to reach "00020226400475"<sip:00020226400475@90.8.177.23> failed. Reason: Server Failure
21:35:50.324 [CM503003]: Call(577): Call to sip:00020226400475@192.168.1.89:5063 has failed; Cause: 503 Service Unavailable; from IP:192.168.1.89:5063
21:35:50.261 [CM503025]: Call(577): Calling PSTNline:00020226400475@(Ln.10704@FAX)@[Dev:sip:10704@192.168.1.89:5063]
21:35:50.230 [CM503004]: Call(577): Route 1: PSTNline:00020226400475@(Ln.10704@FAX)@[Dev:sip:10704@192.168.1.89:5063]
21:35:50.183 [CM503010]: Making route(s) to "00020226400475"<sip:00020226400475@90.8.177.23>
21:35:50.167 [CM505001]: Ext.101: Device info: Device Identified: [Man: Counterpath;Mod: X-Lite;Rev: General] Capabilities:[reinvite, no-replaces, unable-no-sdp, recvonly] UserAgent: [X-Lite release 1103k stamp 53621] PBX contact: [sip:101@90.8.177.23:5060]
21:35:50.167 [CM503001]: Call(577): Incoming call from Ext.101 to "00020226400475"<sip:00020226400475@90.8.177.23>
21:35:48.902 [CM504001]: Ext.101: new contact is registered. Contact(s): [sip:101@196.218.172.187:5062/101,sip:101@41.64.215.160:10007/101,sip:101@192.168.1.88:5060/101,sip:101@41.233.84.58:19418;rinstance=3d392ea46f180a94/101,sip:101@41.64.215.160:10001/101,sip:101@41.233.84.58:26172;rinstance=ead5be619aa41586/101,sip:101@10.98.2.7:8326/101]
21:35:15.542 [CM503008]: Call(576): Call is terminated
Kotska
New User
 
Posts: 4
Joined: Mon Sep 20, 2010 5:07 am

Re: Line hacking on a 3CX server

Post by plunket » Mon Sep 20, 2010 11:12 am

Hello,

to make calls from 3CX you have to be registered as an extension.
Here it is 101, so try changing the password.
plunket
Specialist
 
Posts: 62
Joined: Wed Jun 16, 2010 9:01 am
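
The registrations on extension 101 that this reply points to can be pulled out of the server log automatically. The following is an added example, not part of the original thread and not 3CX code: it flags `CM504001` registrations whose contact address lies outside the LAN and `CM503001` calls to numbers starting with `00`. The allowed network `192.168.1.0/24` is an assumption based on the address list in the first post, the function names are hypothetical, and the sample lines are taken from the log in the first post with contact lists shortened.

```python
import ipaddress
import re

# Assumption: only the LAN from the first post may hold a registration.
ALLOWED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

REG_RE = re.compile(r"\[CM504001\]: Ext\.(\d+): new contact is registered\. "
                    r"Contact\(s\): \[(.*)\]")
CALL_RE = re.compile(r"\[CM503001\]: Call\((\d+)\): Incoming call from "
                     r"Ext\.(\d+) to .*<sip:(\d+)@")
HOST_RE = re.compile(r"sip:[^@,]+@(\d{1,3}(?:\.\d{1,3}){3}):\d+")


def foreign_contacts(line):
    """Return (ext, [contact IPs outside ALLOWED_NETS]) or None."""
    m = REG_RE.search(line)
    if not m:
        return None
    outside = []
    for host in HOST_RE.findall(m.group(2)):
        ip = ipaddress.ip_address(host)
        # Compare against the known LAN, not "is private": 10.98.2.7 is
        # an RFC 1918 address but it is not on this network.
        if not any(ip in net for net in ALLOWED_NETS):
            outside.append(host)
    return m.group(1), outside


def international_call(line, prefix="00"):
    """Return (ext, call id, dialled number) for a call starting with prefix."""
    m = CALL_RE.search(line)
    if m and m.group(3).startswith(prefix):
        return m.group(2), m.group(1), m.group(3)
    return None


def analyse(lines):
    """Group findings per extension: foreign contact IPs and 00-prefixed calls."""
    report = {}
    for line in lines:
        reg = foreign_contacts(line)
        if reg and reg[1]:
            entry = report.setdefault(reg[0], {"foreign_ips": set(), "intl_calls": []})
            entry["foreign_ips"].update(reg[1])
        call = international_call(line)
        if call:
            entry = report.setdefault(call[0], {"foreign_ips": set(), "intl_calls": []})
            entry["intl_calls"].append(call[1:])
    return report


# Sample lines from the first post's log (contact lists shortened).
SAMPLE = [
    '22:08:51.917 [CM504001]: Ext.101: new contact is registered. Contact(s): [sip:101@196.218.172.187:5062/101,sip:101@192.168.1.88:5060/101,sip:101@10.98.2.7:8326/101]',
    '02:23:51.667 [CM504001]: Ext.101: new contact is registered. Contact(s): [sip:101@41.64.217.101:10000/101,sip:101@41.153.62.166:64376;rinstance=4afe0a918baecd67/101,sip:101@192.168.1.88:5060/101]',
    '02:23:57.464 [CM503001]: Call(583): Incoming call from Ext.101 to "0020191212179"<sip:0020191212179@90.8.177.23>',
    '02:43:11.699 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060',
]

if __name__ == "__main__":
    for ext, found in analyse(SAMPLE).items():
        print(ext, sorted(found["foreign_ips"]), found["intl_calls"])
```

The periodic `CM506001` STUN lines match neither pattern and are ignored.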

Re: Line hacking on a 3CX server

Post by Kotska » Tue Sep 21, 2010 9:20 am

Hello,

So I changed the passwords of the extensions; it's true that it's not smart to use the ID number as the password (id 101, pass 101), but for installing the system and running tests it's quicker.

For now I no longer have any unwanted automatic calls.

However, I get a spam entry every 30 min in the 3CX server log

09:48:01.093 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 96.9.132.83:3478 over Transport 192.168.1.32:5060

If anyone has an idea whether this is normal, or otherwise how to get rid of this attack??

I scanned the server PC with Kaspersky PURE and Spybot to look for any unwanted program, and no problem was found...

The lookup on IP 96.9.132.83 points to the USA!! ( http://ip-address-lookup-v4.com/lookup. ... 6.9.132.83 )

IP Information - 96.9.132.83
Host name 96913283.hostnoc.net
Country United States
Country Code US
Region Pennsylvania
City Scranton
Postal Code 18501
Latitude 41.4201
Longitude -75.6485
Area Code 570
DMA Code 577

Thank you for your answers

Have a nice day
Kotska
New User
 
Posts: 4
Joined: Mon Sep 20, 2010 5:07 am

Re: Line hacking on a 3CX server

Post by plunket » Tue Sep 21, 2010 9:45 am

The use of a STUN server is enabled by default in 3CX.
And it is nothing like spam. http://www.3cx.fr/voip-sip/stun-server.php
plunket
Specialist
 
Posts: 62
Joined: Wed Jun 16, 2010 9:01 am

Re: Line hacking on a 3CX server

Post by sbsconseil » Sat Sep 25, 2010 8:54 am

Hello,

I advise you to move to 3CX V9; there are anti-hack tools and password generation for the extensions.

After that, you should also look at allowing only OVH's IP address to enter your network via a firewall.

Then run an intrusion test from the outside towards your network to check for security problems.
Integrator of your data & voice solutions
Technical Support
40, Rue de Damrémont - 75018 Paris
Tel : +33 (0)1 75 43 56 40
Fax : +33 (0)1 72 33 55 19
@ : support@sbsconseil.com
http://support.sbsconseil.com
http://www.sbsconseil.fr/
sbsconseil
3CX Valued Professional
 
Posts: 358
Joined: Tue Apr 29, 2008 5:07 pm
Location: Paris

