[WXC/VFX] Trixbox - Random incoming calls

Hey Guys,
Have a very wierd thing happening today. Basically one of our call groups keeps ringing, however no one is on the other end and Trixbox isn't reporting any external calls. In the callerid on the phones it says "asterisk".

Looking at the server I'm seeing the following:

[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [900033182880295@from-sip-external:1] NoOp("SIP/113.105.152.104-09d5d9d0", "Received incoming SIP connection from unknown peer to 900033182880295") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [900033182880295@from-sip-external:2] Set("SIP/113.105.152.104-09d5d9d0", "DID=900033182880295") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [900033182880295@from-sip-external:3] Goto("SIP/113.105.152.104-09d5d9d0", "s|1") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Goto (from-sip-external,s,1)
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [s@from-sip-external:1] GotoIf("SIP/113.105.152.104-09d5d9d0", "1?from-trunk|900033182880295|1") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Goto (from-trunk,900033182880295,1)
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [900033182880295@from-trunk:1] NoOp("SIP/113.105.152.104-09d5d9d0", "Catch-All DID Match - Found 900033182880295 - You probably want a DID for this.") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [900033182880295@from-trunk:2] Goto("SIP/113.105.152.104-09d5d9d0", "ext-did|s|1") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Goto (ext-did,s,1)
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [s@ext-did:1] Set("SIP/113.105.152.104-09d5d9d0", "__FROM_DID=s") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [s@ext-did:2] Gosub("SIP/113.105.152.104-09d5d9d0", "app-blacklist-check|s|1") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [s@app-blacklist-check:1] LookupBlacklist("SIP/113.105.152.104-09d5d9d0", "") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [s@app-blacklist-check:2] GotoIf("SIP/113.105.152.104-09d5d9d0", "0?blacklisted") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [s@app-blacklist-check:3] Return("SIP/113.105.152.104-09d5d9d0", "") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [s@ext-did:3] ExecIf("SIP/113.105.152.104-09d5d9d0", "0 |Set|CALLERID(name)=asterisk") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [s@ext-did:4] Set("SIP/113.105.152.104-09d5d9d0", "__CALLINGPRES_SV=allowed_not_screened") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [s@ext-did:5] SetCallerPres("SIP/113.105.152.104-09d5d9d0", "allowed_not_screened") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [s@ext-did:6] Goto("SIP/113.105.152.104-09d5d9d0", "ext-group|600|1") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Goto (ext-group,600,1)
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [600@ext-group:1] Macro("SIP/113.105.152.104-09d5d9d0", "user-callerid|") in new stack
[Dec 18 10:46:39] VERBOSE[32057] logger.c:     -- Executing [s@macro-user-callerid:1] Set("SIP/113.105.152.104-09d5d9d0", "AMPUSER=asterisk") in new stack

The IP address is pretty random. I traced it and it went back to Korea. One thing that I could think of is that they are conencting via SIP directly to the system and trying to make a call out through it? When I was setting up with DVX they suggested I:

"Allow Anonymous Inbound SIP Calls?"

Could this be related?

Zeon

bender

sbiddle