[asterisk-users] Failed to authenticate user 1000<sip:1000 at MY_OWN_IP_ADDRESS>; tag=03f82bb9

[Asghar Mohammad]

Hi,
Bad boys trying to guess a valid username.
in sip.conf uncomment  alwaysauthreject=yes and Asterisk always reject 1st
invite.


On Tue, Oct 1, 2013 at 5:26 PM, Gareth Blades <
mailinglist+asterisk at dns99.co.uk> wrote:

>  On 01/10/13 15:44, gincantalupo wrote:
>
> On Tue, Oct 1, 2013 at 5:07 AM, gincantalupo <gincantalupo at fgasoftware.com
> > wrote:
>
>> Hi,
>>
>> I get a lot of these messages on my Asterisk CLI:
>>
>> "Failed to authenticate user 1000<sip:1000 at MY_OWN_IP_ADDRESS>
>> ;tag=03f82bb9"
>>
>> as if my PBX machine is trying to authenticate to itself. It seems
>> someone is attacking my asterisk PBX.
>>
>> Is there a way to fix this problem?
>
>
> in sip.conf I have guest connections permitted and have them going to the
> default context which contains :-
>
> [default]
> ; all unauthenticated connection attempts from the internet come in here.
> exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt -
> ${SIP_HEADER(Contact)})
> exten => _[+*#0-9].,n,Congestion
>
> Then in fail2ban I have it match the following :-
>
> failregex = Registration from .* failed for \'<HOST>\' - Wrong password
>             Unauthenticated call attempt .*\@<HOST>\:
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20131001/219f3fd6/attachment.html>