Am i being hacked? SIP Private Asterisk

Discussion in '3CX Phone System - General' started by shanus6, May 7, 2015.

Thread Status:
Not open for further replies.
  1. shanus6

    Joined:
    Apr 16, 2015
    Messages:
    17
    Likes Received:
    0
    Hey Guys,

    Something strange happened today.

    A call came into our main queue, rang the desktop phones and when picked up there was no caller there.

    The CID on the screen read out as: asterisk

    Heres the log file. As you can see there are multiple references to Private Asterisk. There was also an entry that read asterisk@ then listed my FQDN.

    What is this. Ive never seen it before?

    Super worried now

    Code:
    07-May-2015 14:48:20.902   [CM503025]: Call(C:77): Calling T:Extn:106@[Dev:sip:106@##] for L:77.1[Queue]
    07-May-2015 14:48:20.899   [CM503025]: Call(C:76): Calling T:Extn:101@[Dev:sip:101@##] for L:76.1[Queue]
    07-May-2015 14:48:20.895   [CM503025]: Call(C:75): Calling T:Extn:102@[Dev:sip:102@##] for L:75.1[Queue]
    07-May-2015 14:48:20.859   [CM503027]: Call(C:78): From: Queue:804 ("private" <sip:asterisk@127.0.0.1:5060>)  to  T:Extn:105@[Dev:sip:105@##]
    07-May-2015 14:48:20.859   [CM503004]: Call(C:78): Route 1: from L:78.1[Queue] to T:Extn:105@[Dev:sip:105@##]
    07-May-2015 14:48:20.859   [CM503027]: Call(C:77): From: Queue:804 ("private" <sip:asterisk@127.0.0.1:5060>)  to  T:Extn:106@[Dev:sip:##]
    07-May-2015 14:48:20.859   [CM503004]: Call(C:77): Route 1: from L:77.1[Queue] to T:Extn:106@[Dev:sip:106@##]
    07-May-2015 14:48:20.859   [CM503027]: Call(C:76): From: Queue:804 ("private" <sip:asterisk@127.0.0.1:5060>)  to  T:Extn:101@[Dev:sip:101@##]
    07-May-2015 14:48:20.859   [CM503004]: Call(C:76): Route 1: from L:76.1[Queue] to T:Extn:101@[Dev:sip:101@##]
    [b]07-May-2015 14:48:20.858   [CM503027]: Call(C:75): From: Queue:804 ("private" <sip:asterisk@127.0.0.1:5060>)  to  T:Extn:102@[Dev:sip:102@##][/b]
    07-May-2015 14:48:20.858   [CM503004]: Call(C:75): Route 1: from L:75.1[Queue] to T:Extn:102@[Dev:sip:102@##]
    07-May-2015 14:48:20.857   [CM503001]: Call(C:78): Incoming call from Queue:804 to <sip:105@127.0.0.1:5060>
    07-May-2015 14:48:20.852   [CM503001]: Call(C:77): Incoming call from Queue:804 to <sip:106@127.0.0.1:5060>
    07-May-2015 14:48:20.847   [CM503001]: Call(C:76): Incoming call from Queue:804 to <sip:101@127.0.0.1:5060>
    07-May-2015 14:48:20.842   [CM503001]: Call(C:75): Incoming call from Queue:804 to <sip:102@127.0.0.1:5060>
    07-May-2015 14:48:20.011   Leg L:73.2[Queue] is terminated: Cause: BYE from 127.0.0.1:5488
    07-May-2015 14:48:19.845   [CM503007]: Call(C:73): Queue:804 has joined, contact <sip:804@127.0.0.1:5488>
    07-May-2015 14:48:19.842   L:73.3[Queue] has joined to L:73.1[Line:10000<<asterisk]
    07-May-2015 14:48:19.698   [CM503025]: Call(C:73): Calling T:Queue:804@[Dev:sip:804@127.0.0.1:5488;rinstance=77085078ed1d0106] for L:73.1[Line:10000<<asterisk]
    [b]07-May-2015 14:48:19.644   [CM503027]: Call(C:73): From: Line:10000<<asterisk ("private" <sip:** the value that was here was asterisk@my fqdn **>)  to  T:Queue:804@[Dev:sip:804@127.0.0.1:5488;rinstance=77085078ed1d0106][/b]
    07-May-2015 14:48:19.644   [CM503004]: Call(C:73): Route 1: from L:73.1[Line:10000<<asterisk] to T:Queue:804@[Dev:sip:804@127.0.0.1:5488;rinstance=77085078ed1d0106]
    07-May-2015 14:48:19.644   [CM505003]: Provider:[###] Device info: Device Not Identified: User Agent not matched; Capabilities:[reinvite, replaces, able-no-sdp, recvonly] UserAgent: [Asterisk PBX 1.6.2.21] PBX contact: [sip:########]
    07-May-2015 14:48:16.038   Leg L:74.2[Extn] is terminated: Cause: 487 Request Terminated/INVITE from ##
    07-May-2015 14:48:16.038   [CM503003]: Call(C:74): Call to <sip:102@##> has failed; Cause: 487 Request Terminated/INVITE from ##
    07-May-2015 14:48:15.919   [CM503008]: Call(C:74): Call is terminated
    07-May-2015 14:48:15.917   Leg L:74.1[Queue] is terminated: Cause: CANCEL from 127.0.0.1:5488
    07-May-2015 14:48:08.095   [CM503025]: Call(C:74): Calling T:Extn:102@[Dev:sip:102@##] for L:74.1[Queue]
    07-May-2015 14:48:08.046   [CM503027]: Call(C:74): From: Queue:803 ("private" <sip:asterisk@127.0.0.1:5060>)  to  T:Extn:102@[Dev:sip:102@##]
    07-May-2015 14:48:08.046   [CM503004]: Call(C:74): Route 1: from L:74.1[Queue] to T:Extn:102@[Dev:sip:102@##]
    07-May-2015 14:48:08.044   [CM503001]: Call(C:74): Incoming call from Queue:803 to <sip:102@127.0.0.1:5060>
    07-May-2015 14:48:01.026   [CM503007]: Call(C:73): Queue:803 has joined, contact <sip:803@127.0.0.1:5488>
    07-May-2015 14:48:01.025   [CM503007]: Call(C:73): Line:10000<<asterisk has joined, contact <sip:##@sip.###.com:5060>
    07-May-2015 14:48:01.024   L:73.2[Queue] has joined to L:73.1[Line:10000<<asterisk]
    07-May-2015 14:48:00.874   [CM503025]: Call(C:73): Calling T:Queue:803@[Dev:sip:803@127.0.0.1:5488;rinstance=6e46415b291fe4ab] for L:73.1[Line:10000<<asterisk]
    07-May-2015 14:48:00.831   [CM503027]: Call(C:73): From: Line:10000<<asterisk ("private" <sip:##UNKOWN WEB ADDRESS##:5060>)  to  T:Queue:803@[Dev:sip:803@127.0.0.1:5488;rinstance=6e46415b291fe4ab]
    07-May-2015 14:48:00.831   [CM503004]: Call(C:73): Route 1: from L:73.1[Line:10000<<asterisk] to T:Queue:803@[Dev:sip:803@127.0.0.1:5488;rinstance=6e46415b291fe4ab]
    07-May-2015 14:48:00.830   [CM505003]: Provider:[##] Device info: Device Not Identified: User Agent not matched; Capabilities:[reinvite, replaces, able-no-sdp, recvonly] UserAgent: [Asterisk PBX 1.6.2.21] PBX contact: [sip:######@#########]
    07-May-2015 14:48:00.829   [CM503001]: Call(C:73): Incoming call from Line:10000<<asterisk to <sip:803@######
    
     
  2. davidbenwell

    davidbenwell Active Member

    Joined:
    Apr 27, 2010
    Messages:
    704
    Likes Received:
    0
    sometimes the calling party send to their voip provider a caller name such as extension name on 3CX

    if the voip provider supports this, it will be sent on to the person they are calling

    so if your SIP Provider supported this and the name on your extension is set to Chris. on the persons phone you are calling it could then display Chris.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.