[asterisk-users] Am I being hacked?

Steve Edwards asterisk.org at sedwards.com
Sun Aug 18 17:35:54 CDT 2013


On Sun, 18 Aug 2013, Ira wrote:

> [2013-08-18 05:56:29] NOTICE[17089][C-000000a8] chan_sip.c: 
>        Failed to authenticate device 390<sip:390 at xx.xx.xxx.xxx>;tag=2762c06e
> 
> I keep getting messages like this where the IP, xx.xx.xxx.xxx, is my own 
> IP.  How do I figure out where this attempt is coming from so I can 
> block it.

Any chance '390' is a legitimate (but mis-configured or obsolete) device 
on your network?

Is xx.xx.xxx.xxx a private or public address?

Can you 'wireshark' some packets and see if the OUI matches one of your 
endpoints?

-- 
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
Newline                                              Fax: +1-760-731-3000


More information about the asterisk-users mailing list