TIPS es_pjsip/pjsip_distributor.c: Request 'INVITE' from <foo> failed

[perissf]

Hi there,
apologize for the dumb question.
I have just started a FreePBX server. The goal is to connect to a DID number in order to route incoming calls to an IVR and eventually forward them to a voicemail.
I created a SIP Settings with default data, and denying Anonymous Inbound SIP Calls and denying SIP Guests.
Then I created an Inbound Route with default data and setting Destination = my IVR

Now I see in the logs that I am under possible attack, with multiple INVITE requests like this (I masked the IP numbers):

[2021-05-26 16:38:47] NOTICE[2036] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '<sip:[email protected].15>' failed for 'xyz.46.255.qwer5:61143' (callid: 405871616-978609250-1197798626) - No matching endpoint found after 10 tries in 1.164 ms

Have I done something wrong?
Thanks!

 

[kenn10]

Are you using IncrediblePBX or stock FreePBX? IncrediblePBX only allows whitelisted IP's to see the system. If you're using stock FreePBX, you'd better figure out what is wrong with your firewall.

 

[ostridge]

just started a FreePBX server

If it is incrediblepbx you are in the correct forum.
incrediblepbx uses iptables to block all IPs from getting through; and the trusted voip providers are whitelisted.

else maybe you want:-

Community | FreePBX ​

 

[Halea]

... I am under possible attack, with multiple INVITE requests like this ...

What kind of router/gateway/firewall are you running? Regardless how well the PBX protects itself against intruders it's always a good practice to only allow the strict minimum traffic into your local network.

For the PBX, if your main router has the capability, allow only UDP traffic from your upstream DID provider to port 5060 (or whatever port # you are using for SIP registration). If you have phone extensions on the public internet (or elsewhere than your LAN) you would also need to similarly allow their respective IP addresses into your LAN and onto your PBX.

If you can do this much, that would make most SIP registration scanners go away.

If you only rely on your PBX's defenses to avoid intruders it will still work but you will keep seeing some unwanted traffic (or "noise") on your LAN as those queries will be passing through your router into your local area network, all the way up to your PBX computer before being zapped. So, depending on the intensity of the scans that could be disruptive to your normal traffic, especially if you have limited bandwidth and you have timing sensitive traffic like audio/video streams going on.

 

[perissf]

Thanks to all!
The server is a Raspberry with Buster and FreePbx (sorry, it's not the right topic). The firewall is running on the router provided by my internet provider, but I think I have to work a little bit more on it.
Further updates will follow

 

[perissf]

Update: I solved the issue after implementing stricter rules on the firewall! Thanks to all

 

[Samot]

I didn't realize that Chan_PJSIP saying there was no matching PJSIP endpoint was a firewall problem. I mean, it must have gotten passed the firewall to get to Asterisk. That's more of a "couldn't find a PJSIP endpoint that matches" which means by the normal standards of how PJSIP matches endpoints that make requests.

 

[kenn10]

It just meant that he isn't running a proper firewall on his FreePBX system and a hacker was trying to access his system with bogus registration. He isn't running IncrediblePBX and his original post said he was only using a router firewall from his ISP.