xodious Posted January 9, 2020 Report Share Posted January 9, 2020 Is there a way to tell what registrations, calls or attempts are being handled by Vodia that the System Resources graph would count as a call leg, while the call log wouldn't? For example, /reg_callog.htm at the administrator level doesn't show calls between 2 and 3 AM, but the System Resources -> Calls Graph may show a high number of Call Legs. (6-40 for example.) Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted January 11, 2020 Report Share Posted January 11, 2020 That would be a scenario where something fishy was going on - for example a device was trying to start a call but could not get past the authentication phase. If the IP address of the source was blacklisted because of this the admin would get an email notification about this (important) event. Quote Link to comment Share on other sites More sharing options...
xodious Posted January 13, 2020 Author Report Share Posted January 13, 2020 It appears to be so... https://github.com/EnableSecurity/sipvicious I open the PBX with this issue to the world and it only blocks attempts like this for an hour for each attacking IP address. Are there changes that one would suggest? I have clients that roam around non static IP space. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted January 13, 2020 Report Share Posted January 13, 2020 There is a list of SIP User agents that are rejected - this should include SipVicious. Another simple thing you can do is to give the PBX a real domain name (not "localhost") and then block any request that does not match the domain name. This is a little bit like a password that can very effectively block such attempts. This makes a lot of sense if you are on public IP. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.