bs01
Posted May 23, 2012

We have noticed over the past few days that our IP (dynamic) is being blacklisted because of failed SIP registrations. I can't work out why this is happening, but it seems to be a problem with an expired IP still being stored somewhere.

    The IP address 92.227.31.* has been blacklisted for 60 minutes because there were 4 unsuccessful authentication attempts (sip).

    REGISTER sip:***.eu SIP/2.0
    Via: SIP/2.0/UDP 78.51.207.*:64567;branch=z9hG4bKe3t97xvquk3criszb
    Max-Forwards: 70
    From: <sip:3431@***.eu>;tag=g9w.sbs
    To: <sip:3431@***.eu>
    Call-ID: 05ve9z3jk.wg.
    CSeq: 35604 REGISTER
    Contact: <sip:3431@78.51.207.*:64567;line=26375>
    Allow: INVITE, CANCEL, BYE, ACK, REGISTER, OPTIONS, REFER, SUBSCRIBE, NOTIFY, MESSAGE, INFO, PRACK
    Expires: 600
    User-Agent: snom-m3-SIP/02.11 (MAC=0004132A****; HW=1)
    Content-Length: 0

The IP 78.51.207.* hadn't been assigned to the phone for about 18 hours. The current IP is 92.227.31.* and this is the one that is being blacklisted. Each time it seems to be a different extension.

Is this a phone problem or a PBX problem? I don't want to disable blacklisting, but we can't have our phones deregistering every day because of this. I have tried to find the cause of the problem but nowhere is there any record of the old IP not expiring.

Is there any way to whitelist phones apart from with the IP, which we can't because they are dynamic?

Vodia PBX
Posted May 24, 2012

Apart from scanners on the internet, even valid devices with wrong passwords can be a problem, as some of them retry to register without thinking, which becomes a DoS. Maybe that is the case with this m3. Other problem cases are when a snom phone with an extension board uses a SIP subscription ("dialog" state) for each button, which also looks like DoS for the PBX (workaround: use the button assignment on the PBX).

The whitelisting works only on the IP address. This can be a problem especially when there are multiple devices behind a NAT router and one of them has the wrong password, which can blacklist all devices behind that NAT.

pbx support
Posted May 24, 2012

Another option is to increase the "Number of tolerated attempts" to 10 or 20 or so. This should take care of most of the problem. But at the same time, "unwanted" devices (scanners) will be blacklisted slowly.

bs01 (Author)
Posted May 24, 2012

Thanks for the suggestions. The extensions on the m3s all have the correct passwords as they are usually registered on the pbx and work without problem. The blacklisting also only occurs at irregular intervals and up until now each time it was a different extension causing it each time. I will try increasing the number of tolerated attempts and see if that solves it.

I still think something strange is going on with the IPs though. The second IP should not be in the log at all as it is no longer attached to the phone. Any ideas where that might be coming from? Or is this not relevant?
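
Added example, not part of the original thread and not the PBX's own logic: a triage sketch that groups failed REGISTERs by the source IP the PBX saw, lists which extensions contributed, and flags Via/Contact addresses that differ from that source, so the effect of a given "Number of tolerated attempts" can be checked against logged failures. The blacklist rule (failures reaching the tolerated count), the function names, the `pbx.example` domain and all addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed REGISTER modelled on the one quoted in the thread; addresses are
# documentation-range placeholders, not values from the original post.
TEMPLATE = """REGISTER sip:pbx.example SIP/2.0
Via: SIP/2.0/UDP {adv}:64567;branch=z9hG4bKconstructed
From: <sip:{ext}@pbx.example>;tag=constructed
To: <sip:{ext}@pbx.example>
Contact: <sip:{ext}@{adv}:64567;line=1>
User-Agent: snom-m3-SIP/02.11
Content-Length: 0
"""
# (source IP the PBX saw, raw REGISTER that failed authentication)
SAMPLE_EVENTS = [("203.0.113.20", TEMPLATE.format(adv="198.51.100.7", ext=e))
                 for e in ("3431", "3432", "3431", "3433")]

def parse_register(raw):
    """Pull out the fields needed to attribute a failed registration."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    via = re.search(r"SIP/2\.0/\w+\s+([^;:\s]+)", headers.get("via", ""))
    contact = re.search(r"sips?:(?:[^@>]+@)?([^;:>\s]+)", headers.get("contact", ""))
    user = re.search(r"sips?:([^@>]+)@", headers.get("from", ""))
    return {"extension": user.group(1) if user else None,
            "via_host": via.group(1) if via else None,
            "contact_host": contact.group(1) if contact else None,
            "user_agent": headers.get("user-agent")}

def summarize_failures(events, tolerated):
    """Group failures per source IP; 'blacklisted' uses an assumed >= rule."""
    report = defaultdict(lambda: {"failures": 0, "extensions": set(), "other_addrs": set()})
    for source_ip, raw in events:
        msg = parse_register(raw)
        entry = report[source_ip]
        entry["failures"] += 1
        entry["extensions"].add(msg["extension"])
        for host in (msg["via_host"], msg["contact_host"]):
            if host and host != source_ip:  # address in headers differs from source
                entry["other_addrs"].add(host)
    for entry in report.values():
        entry["blacklisted"] = entry["failures"] >= tolerated
    return dict(report)

if __name__ == "__main__":
    for ip, info in summarize_failures(SAMPLE_EVENTS, tolerated=4).items():
        print(ip, info)
```

Because the counter is keyed on source IP, failures from several extensions behind one address add up to a single blacklist entry, which is the NAT effect described in the replies above.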