[asterisk-users] Registration from '"000000" x 1000

[Jonas Kellens]

On 04/02/2011 02:08 PM, Steve Davies wrote:
> On 2 April 2011 09:46, Jonas Kellens<jonas.kellens at telenet.be>  wrote:
>    
>> Hello list,
>>
>> I often see the following in my message log :
>>
>> [Apr  2 08:15:01] NOTICE[22988] chan_sip.c: Registration from '"000000"
>> <sip:000000 at MY-IP>' failed for '184.106.109.168' - No matching peer found
>> [Apr  2 08:15:01] NOTICE[22988] chan_sip.c: Registration from '"000000"
>> <sip:000000 at MY-IP>' failed for '184.106.109.168' - No matching peer found
>> [Apr  2 08:15:01] NOTICE[22988] chan_sip.c: Registration from '"000000"
>> <sip:000000 at MY-IP>' failed for '184.106.109.168' - No matching peer found
>> [Apr  2 08:15:01] NOTICE[22988] chan_sip.c: Registration from '"000000"
>> <sip:000000 at MY-IP>' failed for '184.106.109.168' - No matching peer found
>> [Apr  2 08:15:01] NOTICE[22988] chan_sip.c: Registration from '"000000"
>> <sip:000000 at MY-IP>' failed for '184.106.109.168' - No matching peer found
>>
>> And there are hundreds of them...
>>
>>
>> Is there a setting so I can make Asterisk not respond to SIP PEER
>> registrations which are not in my sip.conf or my realtime MySQL DB ??
>>      
> Yes, you add a rule to your firewall! Even better, get it filtered
> further out so that it does not waste your inbound Internet bandwidth,
> because in my experience, once those SIP spammers start, they continue
> for weeks at the very least.
>
> IIRC, the way SIP registrations works basically requires than an
> failed/un-authorised attempt is responded to, so that the other party
> knows to authenticate. If you stop sending that response, no-one can
> authenticate.
>
> Hope that helps.
> Steve
So in short, there is no way of throwing away registrations that are not 
in sip.conf.

The only thing I can do is check the messages file now and then to see 
if there were bad registrations, and then blacklist them.


Kind regards,
Jonas.