Possible Hack attempts

Discussion in 'Windows' started by Big-Foot, Oct 26, 2016.

Thread Status:
Not open for further replies.
  1. Big-Foot

    Joined:
    Oct 25, 2016
    Messages:
    5
    Likes Received:
    0
    Where getting a lot of strange internal calls from numbers that don't exist inside our 3CX server V15 Service pack 2
    Any body familiar with these kinds of attempts and responses from the 3CX server.

    I traced this external IP adres to somewhere in Russia

    10/25/2016 9:54:42 PM - [CM500002]: Call(C:2): Info on incoming INVITE from Line:10000<<1005: Invite-IN Recv Req INVITE from ***********:5070 tid=-7de511ec3ec900062dd3613b69396477 Call-ID=7de511ec3ec900062dd3613b69396477: INVITE sip:00441302247345@*********** SIP/2.0 Via: SIP/2.0/UDP ***********:5070;branch=z9hG4bK-7de511ec3ec900062dd3613b69396477;rport=5070 Max-Forwards: 70 Contact: <sip:1005@***********:5070> To: 00441302247345<sip:00441302247345@***********> From: 1005<sip:1005@***********>;tag=f9066e0e Call-ID: 7de511ec3ec900062dd3613b69396477 CSeq: 1 INVITE Allow: INVITE, ACK, CANCEL, BYE Content-Type: application/sdp User-Agent: sipcli/v1.8 Content-Length: 281 v=0 o=sipcli-Session 1522573569 1391025201 IN IP4 *********** s=sipcli c=IN IP4 *********** t=0 0 m=audio 5072 RTP/AVP 18 0 8 101 a=fmtp:101 0-15 a=rtpmap:18 G729/8000 a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=ptime:20 a=sendrecv

    I'm now trying to block all external IP addresses on the router.
    There is still not being made an attempt to call an outside line.
     
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,563
    Likes Received:
    245
    I've had that from time to time. They are Phishing, attempting to make Direct SIP calls. You can disable the option that allows that in 3CX, which may affect other services you have set-up, or, if it continues from a few IP's, blacklist them.
     
  3. Big-Foot

    Joined:
    Oct 25, 2016
    Messages:
    5
    Likes Received:
    0
    I became so annoying that i currently just block any IP not from our VoIP supplier.

    And 'm now logging the amount of attempts also. The amount of try's is just amazing. somewhere in the line of 100 times per minute.
     
Thread Status:
Not open for further replies.