[asterisk-users] Am I being hacked?
Steve Edwards
asterisk.org at sedwards.com
Sun Aug 18 17:35:54 CDT 2013
On Sun, 18 Aug 2013, Ira wrote:
> [2013-08-18 05:56:29] NOTICE[17089][C-000000a8] chan_sip.c:
> Failed to authenticate device 390<sip:390 at xx.xx.xxx.xxx>;tag=2762c06e
>
> I keep getting messages like this where the IP, xx.xx.xxx.xxx, is my own
> IP. How do I figure out where this attempt is coming from so I can
> block it.
Any chance '390' is a legitimate (but mis-configured or obsolete) device
on your network?
Is xx.xx.xxx.xxx a private or public address?
Can you 'wireshark' some packets and see if the OUI matches one of your
endpoints?
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
More information about the asterisk-users
mailing list