[asterisk-users] Registration from '"000000" x 1000
Terry Brummell
terry at brummell.net
Sat Apr 2 15:31:58 CDT 2011
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Jonas
Kellens
Sent: Saturday, April 02, 2011 11:51 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Registration from '"000000" x 1000
On 04/02/2011 02:08 PM, Steve Davies wrote:
> On 2 April 2011 09:46, Jonas Kellens<jonas.kellens at telenet.be> wrote:
>
>> Hello list,
>>
>> I often see the following in my message log :
>>
>> [Apr 2 08:15:01] NOTICE[22988] chan_sip.c: Registration from
'"000000"
>> <sip:000000 at MY-IP>' failed for '184.106.109.168' - No matching peer
found
>> [Apr 2 08:15:01] NOTICE[22988] chan_sip.c: Registration from
'"000000"
>> <sip:000000 at MY-IP>' failed for '184.106.109.168' - No matching peer
found
>> [Apr 2 08:15:01] NOTICE[22988] chan_sip.c: Registration from
'"000000"
>> <sip:000000 at MY-IP>' failed for '184.106.109.168' - No matching peer
found
>> [Apr 2 08:15:01] NOTICE[22988] chan_sip.c: Registration from
'"000000"
>> <sip:000000 at MY-IP>' failed for '184.106.109.168' - No matching peer
found
>> [Apr 2 08:15:01] NOTICE[22988] chan_sip.c: Registration from
'"000000"
>> <sip:000000 at MY-IP>' failed for '184.106.109.168' - No matching peer
found
>>
>> And there are hundreds of them...
>>
>>
>> Is there a setting so I can make Asterisk not respond to SIP PEER
>> registrations which are not in my sip.conf or my realtime MySQL DB ??
>>
> Yes, you add a rule to your firewall! Even better, get it filtered
> further out so that it does not waste your inbound Internet bandwidth,
> because in my experience, once those SIP spammers start, they continue
> for weeks at the very least.
>
> IIRC, the way SIP registrations works basically requires than an
> failed/un-authorised attempt is responded to, so that the other party
> knows to authenticate. If you stop sending that response, no-one can
> authenticate.
>
> Hope that helps.
> Steve
So in short, there is no way of throwing away registrations that are not
in sip.conf.
The only thing I can do is check the messages file now and then to see
if there were bad registrations, and then blacklist them.
Kind regards,
Jonas.
Search the archive for Fail2Ban, it is what you are looking for.
More information about the asterisk-users
mailing list