[asterisk-users] Failed to authenticate user 1000<sip:1000 at MY_OWN_IP_ADDRESS>; tag=03f82bb9
Michelle Dupuis
mdupuis at ocg.ca
Thu Oct 10 13:44:01 CDT 2013
Gareth:
Did you check if your message (or security) log recorded anything during these attempts? If so, can you post the content of the logs during this attack?
M
________________________________
From: asterisk-users-bounces at lists.digium.com [asterisk-users-bounces at lists.digium.com] On Behalf Of Asghar Mohammad [asghar144 at gmail.com]
Sent: Tuesday, October 01, 2013 11:53 AM
To: Asterisk Users List
Subject: Re: [asterisk-users] Failed to authenticate user 1000<sip:1000 at MY_OWN_IP_ADDRESS>; tag=03f82bb9
Hi,
Bad boys trying to guess a valid username.
in sip.conf uncomment alwaysauthreject=yes and Asterisk always reject 1st invite.
On Tue, Oct 1, 2013 at 5:26 PM, Gareth Blades <mailinglist+asterisk at dns99.co.uk<mailto:mailinglist+asterisk at dns99.co.uk>> wrote:
On 01/10/13 15:44, gincantalupo wrote:
On Tue, Oct 1, 2013 at 5:07 AM, gincantalupo <gincantalupo at fgasoftware.com<mailto:gincantalupo at fgasoftware.com>> wrote:
Hi,
I get a lot of these messages on my Asterisk CLI:
"Failed to authenticate user 1000<sip:1000 at MY_OWN_IP_ADDRESS>;tag=03f82bb9"
as if my PBX machine is trying to authenticate to itself. It seems someone is attacking my asterisk PBX.
Is there a way to fix this problem?
in sip.conf I have guest connections permitted and have them going to the default context which contains :-
[default]
; all unauthenticated connection attempts from the internet come in here.
exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt - ${SIP_HEADER(Contact)})
exten => _[+*#0-9].,n,Congestion
Then in fail2ban I have it match the following :-
failregex = Registration from .* failed for \'<HOST>\' - Wrong password
Unauthenticated call attempt .*\@<HOST>\:
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20131010/a6b55799/attachment.html>
More information about the asterisk-users
mailing list