My internet connection is a crappy ADSL line.
I noticed that I did get alot alerts from op5 Monitor complaining about high error rate on the external network. After some investigation I noticed that UDP port 5060 generated approx 1.5 Mbps in traffic and that is more or less maximum my ADSL connection can handle. UDP port 5060 that is SIP.
A nice graph showing the errorrates, generated by op5 Monitor:
I looked into my Asterisk log:
[Sep 2 20:01:35] NOTICE[2459] chan_sip.c: Registration from ‘"3959" <sip:3959@82.182.144.134>’ failed for ‘50.97.142.134’ – No matching peer found
[Sep 2 20:01:35] NOTICE[2459] chan_sip.c: Registration from ‘"3959" <sip:3959@82.182.144.134>’ failed for ‘50.97.142.134’ – No matching peer found
[Sep 2 20:01:35] NOTICE[2459] chan_sip.c: Registration from ‘"3959" <sip:3959@82.182.144.134>’ failed for ‘50.97.142.134’ – No matching peer found
[Sep 2 20:01:35] NOTICE[2459] chan_sip.c: Registration from ‘"3959" <sip:3959@82.182.144.134>’ failed for ‘50.97.142.134’ – No matching peer found
[Sep 2 20:01:35] NOTICE[2459] chan_sip.c: Registration from ‘"3959" <sip:3959@82.182.144.134>’ failed for ‘50.97.142.134’ – No matching peer found
[Sep 2 20:01:35] NOTICE[2459] chan_sip.c: Registration from ‘"3959" <sip:3959@82.182.144.134>’ failed for ‘50.97.142.134’ – No matching peer found
Conclusion
Someone from 50.97.142.134 tries to register their SIP device on my Asterisk server, they do it an abnormal high rate.
Reaction
I created a block in my firewall on everything from 50.97.142.134. Unfortunatly it does not help much because it is on the wrong side of the ADSL connection. But I get rid of the handshaking and filled logs.
A whois search showed that the traffic comes from Softlayer in Dallas, so I wrote an email to postmaster@softlayer.com.
Lets see if I get any reaction
Leave a Reply
You must be logged in to post a comment.
