rev.poneytelecom.eu sending out SIP requests from my IPPBX
Hi,
I'm an IP PBX admin new to this forum. I usually don't have to administer the Linux side of things, but because of the COVID-19 crisis, we have to improvise a bit. Our PBX is running on FreeBSD version 11.3 release -p3.

I was checking traffic with Wireshark when I realised I had an unwanted visitor. I tried blocking traffic from the firewall but realised something had installed itself on my server and was running connection attempts from the inside to the outside. I went through multiple forums. Tried blocking different IP addresses in my firewall but nothing works. I need to find and kill this process...

How do I locate the process that's running these requests? And, how do I kill it for good?

Here are a couple of samples:

PCAP FROM ROUTER:
11:17:29.714762 IP "MYIPADDRESS"-ent-hood-staticipeast.wireless.telus.com.5060 > 163-172-230-4.rev.poneytelecom.eu.55502: SIP: SIP/2.0 404 Not Found
11:17:41.719531 IP "MYIPADDRESS"-ent-hood-staticipeast.wireless.telus.com.5060 > 163-172-230-4.rev.poneytelecom.eu.55502: SIP: SIP/2.0 404 Not Found
11:17:33.716341 IP "MYIPADDRESS"-ent-hood-staticipeast.wireless.telus.com.5060 > 163-172-230-4.rev.poneytelecom.eu.55502: SIP: SIP/2.0 404 Not Found
11:17:37.717958 IP "MYIPADDRESS"-ent-hood-staticipeast.wireless.telus.com.5060 > 163-172-230-4.rev.poneytelecom.eu.55502: SIP: SIP/2.0 404 Not Found

FROM PBX
11:17:38.845157 IP tactical80102.usar.local.sip > 163-172-230-4.rev.poneytelecom.eu.55502: SIP: SIP/2.0 404 Not Found
11:17:42.846765 IP tactical80102.usar.local.sip > 163-172-230-4.rev.poneytelecom.eu.55502: SIP: SIP/2.0 404 Not Found
11:17:46.848540 IP tactical80102.usar.local.sip > 163-172-230-4.rev.poneytelecom.eu.55502: SIP: SIP/2.0 404 Not Found
11:17:50.850131 IP tactical80102.usar.local.sip > 163-172-230-4.rev.poneytelecom.eu.55502: SIP: SIP/2.0 404 Not Found
11:17:54.851831 IP tactical80102.usar.local.sip > 163-172-230-4.rev.poneytelecom.eu.55502: SIP: SIP/2.0 404 Not Found
11:17:58.853464 IP tactical80102.usar.local.sip > 163-172-230-4.rev.poneytelecom.eu.55502: SIP: SIP/2.0 404 Not Found

Thanks so much for any help you guys can provide. |
Hmmm... to start this thread off, could you check if something is listening on a port that shouldn't be with
Code:
sockstat -4 -l
Code:
top |
poneytelecom... that rings a bell... maybe this helps:
https://www.linuxquestions.org/quest...-s-4175617328/ |
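
A triage step for captures like the one posted in this thread, added here as an example and not code from any poster: it reads tcpdump one-line SIP output and separates responses (a first line starting with `SIP/2.0` and a status code, which is the SIP service answering a request it received) from requests the local host sent itself. The sample lines, host names and addresses are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in tcpdump's one-line format; hosts and addresses are placeholders.
SAMPLE = """\
11:17:38.845157 IP pbx.example.local.sip > 198.51.100.7.55502: SIP: SIP/2.0 404 Not Found
11:17:42.846765 IP pbx.example.local.sip > 198.51.100.7.55502: SIP: SIP/2.0 404 Not Found
11:17:43.120001 IP 198.51.100.7.55502 > pbx.example.local.sip: SIP: REGISTER sip:pbx.example.local SIP/2.0
11:17:44.300412 IP pbx.example.local.49152 > 203.0.113.9.sip: SIP: INVITE sip:100@203.0.113.9 SIP/2.0
"""

# tcpdump prints host.port, where the port may be a number or a service name ("sip").
LINE = re.compile(r"^(\S+) IP (\S+)\.([\w-]+) > (\S+)\.([\w-]+): SIP: (.+)$")
RESPONSE = re.compile(r"^SIP/2\.0 (\d{3})\b")        # status line: SIP/2.0 <code> <reason>
REQUEST = re.compile(r"^([A-Z]+) \S+ SIP/2\.0$")     # request line: <METHOD> <uri> SIP/2.0

def parse(line):
    """Return a dict for one tcpdump SIP line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, src, sport, dst, dport, first = m.groups()
    if (r := RESPONSE.match(first)):
        kind, detail = "response", r.group(1)
    elif (r := REQUEST.match(first)):
        kind, detail = "request", r.group(1)
    else:
        kind, detail = "unknown", first
    return {"ts": ts, "src": src, "sport": sport, "dst": dst,
            "dport": dport, "kind": kind, "detail": detail}

def summarize(text, local_host):
    """Count (direction, kind, detail, peer) tuples as seen from local_host."""
    counts = Counter()
    for rec in filter(None, map(parse, text.splitlines())):
        sent = rec["src"] == local_host
        peer = rec["dst"] if sent else rec["src"]
        counts[("sent" if sent else "received", rec["kind"], rec["detail"], peer)] += 1
    return counts

def originated_locally(text, local_host):
    """Requests the local host itself sent: traffic it initiated rather than answered."""
    return [r for r in filter(None, map(parse, text.splitlines()))
            if r["src"] == local_host and r["kind"] == "request"]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE, "pbx.example.local").items()):
        print(n, *key)
```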