Own IPs blacklisted


bs01

We have noticed over the past few days that our IP (dynamic) is being blacklisted because of failed SIP registrations. I can't work out why this is happening, but it seems to be a problem with an expired IP still being stored somewhere.

 

The IP address 92.227.31.* has been blacklisted for 60 minutes because there were 4 unsuccessful authentication attempts (sip).
REGISTER sip:***.eu SIP/2.0
Via: SIP/2.0/UDP 78.51.207.*:64567;branch=z9hG4bKe3t97xvquk3criszb
Max-Forwards: 70
From: <sip:3431@***.eu>;tag=g9w.sbs
To: <sip:3431@***.eu>
Call-ID: 05ve9z3jk.wg.
CSeq: 35604 REGISTER
Contact: <sip:3431@78.51.207.*:64567;line=26375>
Allow: INVITE, CANCEL, BYE, ACK, REGISTER, OPTIONS, REFER, SUBSCRIBE, NOTIFY, MESSAGE, INFO, PRACK
Expires: 600
User-Agent: snom-m3-SIP/02.11 (MAC=0004132A****; HW=1)
Content-Length: 0

 

The IP 78.51.207.* hadn't been assigned to the phone for about 18 hours. The current IP is 92.227.31.* and this is the one that is being blacklisted. Each time it seems to be a different extension.

 

Is this a phone problem or a PBX problem? I don't want to disable blacklisting, but we can't have our phones deregistering every day because of this. I have tried to find the cause of the problem but nowhere is there any record of the old IP not expiring.

 

Is there any way to whitelist phones apart from with the IP, which we can't because they are dynamic?


Apart from scanners on the Internet, even valid devices with wrong passwords can be a problem, as some of them retry to register without thinking, which becomes a DoS. Maybe that is the case with this m3.

 

Other problem cases are when a snom phone with an extension board uses a SIP subscription ("dialog" state) for each button, which also looks like DoS for the PBX (workaround: use the button assignment on the PBX).

 

The whitelisting works only on the IP address. This can be a problem especially when there are multiple devices behind a NAT router and one of them has the wrong password, which can blacklist all devices behind that NAT.


Thanks for the suggestions. The extensions on the m3s all have the correct passwords as they are usually registered on the PBX and work without problem. The blacklisting also only occurs at irregular intervals, and up until now it was a different extension causing it each time.

 

I will try increasing the number of tolerated attempts and see if that solves it. I still think something strange is going on with the IPs though. The second IP should not be in the log at all as it is no longer attached to the phone. Any ideas where that might be coming from? Or is this not relevant?

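A diagnostic sketch for the mismatch discussed in this thread, added here as an example and not written by any of the posters or the PBX vendor: in the quoted notification the blacklisted address is the current one while Via and Contact, which the phone fills in itself, carry the old one, so comparing them per notification shows which extensions still advertise an old address. The sample log is constructed in the quoted notification format with documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample (documentation-range addresses, not values from the thread).
SAMPLE = """\
The IP address 198.51.100.7 has been blacklisted for 60 minutes because there were 4 unsuccessful authentication attempts (sip).
Via: SIP/2.0/UDP 192.0.2.44:64567;branch=z9hG4bKaaaa
From: <sip:3431@pbx.example>;tag=a1
Contact: <sip:3431@192.0.2.44:64567;line=26375>

The IP address 198.51.100.7 has been blacklisted for 60 minutes because there were 4 unsuccessful authentication attempts (sip).
Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bKbbbb
From: <sip:3440@pbx.example>;tag=b2
Contact: <sip:3440@198.51.100.7:5060>
"""

ADDR = r"[0-9*]+(?:\.[0-9*]+){3}"  # also accepts masked octets such as 92.227.31.*
BLOCKED = re.compile(rf"^The IP address ({ADDR}) has been blacklisted", re.M)
VIA = re.compile(rf"^Via:\s*SIP/2\.0/\w+\s+({ADDR})", re.M | re.I)
CONTACT = re.compile(rf"^Contact:\s*<sips?:[^@>]*@({ADDR})", re.M | re.I)
FROM_USER = re.compile(r"^From:.*<sips?:([^@>]+)@", re.M | re.I)

def first(rx, chunk):
    m = rx.search(chunk)
    return m.group(1) if m else None

def parse_events(text):
    """One dict per notification; 'stale' means the phone advertises an
    address other than the source address the PBX blacklisted."""
    starts = [m.start() for m in BLOCKED.finditer(text)] + [len(text)]
    events = []
    for begin, end in zip(starts, starts[1:]):
        chunk = text[begin:end]
        ev = {"source": first(BLOCKED, chunk), "via": first(VIA, chunk),
              "contact": first(CONTACT, chunk), "ext": first(FROM_USER, chunk)}
        ev["other"] = {ev[k] for k in ("via", "contact") if ev[k]} - {ev["source"]}
        ev["stale"] = bool(ev["other"])
        events.append(ev)
    return events

def stale_by_extension(events):
    """Map extension -> advertised addresses that differ from the packet source."""
    out = defaultdict(set)
    for ev in events:
        if ev["stale"]:
            out[ev["ext"]] |= ev["other"]
    return dict(out)

if __name__ == "__main__":
    for ext, addrs in stale_by_extension(parse_events(SAMPLE)).items():
        print(f"extension {ext} advertises {sorted(addrs)}, not the source address")
```
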
