16 million failed SIP registrations in 24 hours from 1 host

I recently stood up a Bicom PBXware virtual machine to do some testing. I noticed that there were a few thousand SIP registration failures a couple hours later as the box sat idle. Today, I hopped on the box to begin some configuration for my testing environment and noticed the failed SIP registrations now sat at 16 million, or about 185/sec. Investigating only from the dashboard, I noticed that they were all from the same IP address 167.x.x.255, which is a Digital Ocean IP. If I disable Continue reading →

#sip, #voip

Detecting if SIP ALG is enabled on network

One of the first things I troubleshoot in a SIP trouble ticket is determining if the network is SIP aware. Sometimes I don’t have access to the network to analyze traffic, so here’s a method I use to figure things out with Wireshark, tcpdump and setting a SIP phone to point to my Linux box. Continue reading →

#alg, #sip, #voip

Unable to negotiate with port 22: no matching key exchange method found.

Working with an older Cisco ASA, I was not able to directly SSH to the host using SSH on Windows unless I specified the diffie-hellman-group1-sha1 algorithm. PuTTY gives the following warning: For Windows, I can use the following command to SSH (as well as SCP). ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@host Continue reading →

#cisco, #cisco-asa

Could not establish trust relationship for the SSL/TLS secure channel.

Working with some older Cisco ASA devices, I’m trying to access the ASDM interface. The browser isn’t giving me luck, so I turned to PowerShell to help me, but I get the following error when trying an Invoke-WebRequest to grab the asdm.jnlp file I need. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Eh, ok. My first thought was to somehow avoid a certificate check but I did not see a native way of doing this with Invoke-WebRequest (at Continue reading →

#cisco, #powershell

Cisco WAP571 SNMP poll of apRadioNumAssociatedStations returning 0

For some reason on a Cisco WAP571, the SNMP value returned from apRadioNumAssociatedStations is always zero. This is true on firmware tested WAP571 (pgwap571, 1.1.0.3). I have a few of these units around that are not updated to the latest firmware and will test that OID. I can find data in the apAssocTable to create indexes. For now I've created a hack to just snmptable the apAssocTable and count return index values to then pass to Cacti to graph. snmptable -Cl -CB -Ci -OX -Cb Continue reading →

#cacti, #cisco, #snmp