Mitel 250 connecting to unrecognized addresses

[andyring]

Hello all,

I regularly monitor the firewall at my office. We have a Mitel 250 with SIPs provided by our ISP, if that matters.

I regularly see outbound connection attempts from the phone system to IP addresses I don't recognize. Does anyone else recognize these? Is the phone system attempting to make legitimate connections?

Code: [Select]

UDP     192.168.0.9:5060    37.49.229.237:5060 
mitel Unknown
TCP-S     192.168.0.9:35488    212.70.149.4:113 
mitel Unknown
UDP     192.168.0.9:5060    37.49.229.237:5060 
mitel Unknown
TCP-S     192.168.0.9:48817    212.70.149.4:113 
mitel Unknown
UDP     192.168.0.9:5060    37.49.229.237:5060 
mitel Unknown
UDP     192.168.0.9:5060    37.49.229.237:5060 
mitel Unknown
TCP-S     192.168.0.9:43942    212.70.149.4:113 
mitel Unknown
UDP     192.168.0.9:5060    37.49.229.237:5060 
mitel Unknown
TCP-S     192.168.0.9:38707    212.70.149.4:113 
mitel Unknown
UDP     192.168.0.9:5060    37.49.229.237:5060 
mitel Unknown
TCP-S     192.168.0.9:41217    212.70.149.4:113 
mitel Unknown
TCP-S     192.168.0.9:55201       1.179.231.219:113 
mitel Unknown
UDP     192.168.0.9:5060    37.49.229.237:5060 
mitel Unknown
TCP-S     192.168.0.9:36729    212.70.149.4:113 
mitel Unknown
UDP     192.168.0.9:5060    37.49.229.237:5060 
mitel Unknown
TCP-S     192.168.0.9:46927    212.70.149.4:113 
mitel Unknown
UDP     192.168.0.9:5060    37.49.229.237:5060 
mitel Unknown
TCP-S     192.168.0.9:53222    212.70.149.4:113 
mitel Unknown
UDP     192.168.0.9:5060    37.49.229.237:5060 
mitel Unknown
TCP-S     192.168.0.9:50158    212.70.149.4:113 
mitel Unknown
UDP     192.168.0.9:5060    37.49.229.237:5060 
mitel Unknown

[acejavelin]

Check with your SIP provider, but my guess is going to be those are alternate IP for RTP or other services for 37.49.229.237...

212.70.149.4:113 is IDENT lookup to LACNIC, which is the Internet Address Registry of Latin America and the Caribbean, odd, but not likely malicious.