I am currently seeing this in my IP Office Monitor, i have an IP Office 500v2 with 10.0 software and am using OneX Mobile for outside employees. This appears that something from outside is attempting to log into extension 919 which does not exist. I have SIP register turned off and H323 Auto's off as well as remote extension off. I have watched this part - From: <sip:xxx - go from extension to extension changing every few minutes for awhile now and even had my team block the IP address from coming in through our firewall. All my passwords are not default and the users that are not being used are deactivated. After all this I am still getting this entry on the monitor every minute or so.
My question is am I correct in thinking this is an attempt at hacking my system? My SIP provider tells me the IP address 95.217.58.7 is registered to RIPE Network Coordination Centre out of Amsterdam.
14:19:29 69803650mS SIP Rx: UDP 95.217.58.7:57563 -> xxx.xxx.xxx.xxx:5060
REGISTER sip:xxx.xxx.xxx.xxx SIP/2.0
Via: SIP/2.0/UDP 95.217.58.7:57563;branch=z9hG4bK918055911
Max-Forwards: 70
From: <sip:919@xxx.xxx.xxx.xxx>;tag=184735054
To: <sip:919@xxx.xxx.xxx.xxx>
Call-ID: 1104179881-1591890171-290007897
CSeq: 1 REGISTER
Contact: <sip:919@95.217.58.7:57563>
Content-Length: 0
User-Agent: Avaya IP Phone 1120E
My question is am I correct in thinking this is an attempt at hacking my system? My SIP provider tells me the IP address 95.217.58.7 is registered to RIPE Network Coordination Centre out of Amsterdam.
14:19:29 69803650mS SIP Rx: UDP 95.217.58.7:57563 -> xxx.xxx.xxx.xxx:5060
REGISTER sip:xxx.xxx.xxx.xxx SIP/2.0
Via: SIP/2.0/UDP 95.217.58.7:57563;branch=z9hG4bK918055911
Max-Forwards: 70
From: <sip:919@xxx.xxx.xxx.xxx>;tag=184735054
To: <sip:919@xxx.xxx.xxx.xxx>
Call-ID: 1104179881-1591890171-290007897
CSeq: 1 REGISTER
Contact: <sip:919@95.217.58.7:57563>
Content-Length: 0
User-Agent: Avaya IP Phone 1120E