Mitel Forums - The Unofficial Source
Mitel Forums => MiVoice Office 250/Mitel 5000 => Topic started by: andyring on September 10, 2020, 03:09:42 PM
-
Hello all,
I regularly monitor the firewall at my office. We have a Mitel 250 with SIPs provided by our ISP, if that matters.
I regularly see outbound connection attempts from the phone system to IP addresses I don't recognize. Does anyone else recognize these? Is the phone system attempting to make legitimate connections?
UDP 192.168.0.9:5060 37.49.229.237:5060
mitel Unknown
TCP-S 192.168.0.9:35488 212.70.149.4:113
mitel Unknown
UDP 192.168.0.9:5060 37.49.229.237:5060
mitel Unknown
TCP-S 192.168.0.9:48817 212.70.149.4:113
mitel Unknown
UDP 192.168.0.9:5060 37.49.229.237:5060
mitel Unknown
UDP 192.168.0.9:5060 37.49.229.237:5060
mitel Unknown
TCP-S 192.168.0.9:43942 212.70.149.4:113
mitel Unknown
UDP 192.168.0.9:5060 37.49.229.237:5060
mitel Unknown
TCP-S 192.168.0.9:38707 212.70.149.4:113
mitel Unknown
UDP 192.168.0.9:5060 37.49.229.237:5060
mitel Unknown
TCP-S 192.168.0.9:41217 212.70.149.4:113
mitel Unknown
TCP-S 192.168.0.9:55201 1.179.231.219:113
mitel Unknown
UDP 192.168.0.9:5060 37.49.229.237:5060
mitel Unknown
TCP-S 192.168.0.9:36729 212.70.149.4:113
mitel Unknown
UDP 192.168.0.9:5060 37.49.229.237:5060
mitel Unknown
TCP-S 192.168.0.9:46927 212.70.149.4:113
mitel Unknown
UDP 192.168.0.9:5060 37.49.229.237:5060
mitel Unknown
TCP-S 192.168.0.9:53222 212.70.149.4:113
mitel Unknown
UDP 192.168.0.9:5060 37.49.229.237:5060
mitel Unknown
TCP-S 192.168.0.9:50158 212.70.149.4:113
mitel Unknown
UDP 192.168.0.9:5060 37.49.229.237:5060
mitel Unknown
-
Check with your SIP provider, but my guess is going to be those are alternate IP for RTP or other services for 37.49.229.237...
212.70.149.4:113 is IDENT lookup to LACNIC, which is the Internet Address Registry of Latin America and the Caribbean, odd, but not likely malicious.