[asterisk-users] Failed to authenticate user 1000<sip:1000 at MY_OWN_IP_ADDRESS>; tag=03f82bb9

gincantalupo gincantalupo at fgasoftware.com
Wed Oct 2 10:13:07 CDT 2013


Hi Garet,

ok but since the messages contain my own public IP with this method I'm 
banning my public IP not the real attacker IP. Am I wrong?

Giorgio


On 10/01/2013 05:26 PM, Gareth Blades wrote:
> On 01/10/13 15:44, gincantalupo wrote:
>> On Tue, Oct 1, 2013 at 5:07 AM, gincantalupo 
>> <gincantalupo at fgasoftware.com <mailto:gincantalupo at fgasoftware.com>> 
>> wrote:
>>
>>     Hi,
>>
>>     I get a lot of these messages on my Asterisk CLI:
>>
>>     "Failed to authenticate user
>>     1000<sip:1000 at MY_OWN_IP_ADDRESS>;tag=03f82bb9"
>>
>>     as if my PBX machine is trying to authenticate to itself. It
>>     seems someone is attacking my asterisk PBX.
>>
>>     Is there a way to fix this problem?
>>
>
> in sip.conf I have guest connections permitted and have them going to 
> the default context which contains :-
>
> [default]
> ; all unauthenticated connection attempts from the internet come in here.
> exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt - 
> ${SIP_HEADER(Contact)})
> exten => _[+*#0-9].,n,Congestion
>
> Then in fail2ban I have it match the following :-
>
> failregex = Registration from .* failed for \'<HOST>\' - Wrong password
>             Unauthenticated call attempt .*\@<HOST>\:
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20131002/e7e5d810/attachment.html>


More information about the asterisk-users mailing list