[asterisk-users] Failed to authenticate user 1000<sip:1000 at MY_OWN_IP_ADDRESS>; tag=03f82bb9

Tiago Geada tiago.geada at gmail.com
Fri Oct 11 12:43:25 CDT 2013


Hi,

Seems a great workaround from Gareth Blades. Thanks, I will try it.

Any way to make Asterisk log a line in /var/log/messages?


On 10 October 2013 19:44, Michelle Dupuis <mdupuis at ocg.ca> wrote:

>  Gareth:
>
> Did you check if your message (or security) log recorded anything during
> these attempts?  If so, can you post the content of the logs during this
> attack?
>
> M
>  ------------------------------
> *From:* asterisk-users-bounces at lists.digium.com [
> asterisk-users-bounces at lists.digium.com] On Behalf Of Asghar Mohammad [
> asghar144 at gmail.com]
> *Sent:* Tuesday, October 01, 2013 11:53 AM
> *To:* Asterisk Users List
> *Subject:* Re: [asterisk-users] Failed to authenticate user
> 1000<sip:1000 at MY_OWN_IP_ADDRESS>; tag=03f82bb9
>
>   Hi,
> Bad boys trying to guess a valid username.
> In sip.conf, uncomment alwaysauthreject=yes and Asterisk always rejects the
> 1st invite.
>
>
> On Tue, Oct 1, 2013 at 5:26 PM, Gareth Blades <
> mailinglist+asterisk at dns99.co.uk> wrote:
>
>> On 01/10/13 15:44, gincantalupo wrote:
>>
>> On Tue, Oct 1, 2013 at 5:07 AM, gincantalupo <
>> gincantalupo at fgasoftware.com> wrote:
>>
>>> Hi,
>>>
>>> I get a lot of these messages on my Asterisk CLI:
>>>
>>> "Failed to authenticate user 1000<sip:1000 at MY_OWN_IP_ADDRESS>
>>> ;tag=03f82bb9"
>>>
>>> as if my PBX machine is trying to authenticate to itself. It seems
>>> someone is attacking my asterisk PBX.
>>>
>>> Is there a way to fix this problem?
>>
>>
>> in sip.conf I have guest connections permitted and have them going to the
>> default context which contains :-
>>
>> [default]
>> ; all unauthenticated connection attempts from the internet come in here.
>> exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt - ${SIP_HEADER(Contact)})
>> exten => _[+*#0-9].,n,Congestion
>>
>> Then in fail2ban I have it match the following :-
>>
>> failregex = Registration from .* failed for \'<HOST>\' - Wrong password
>>             Unauthenticated call attempt .*\@<HOST>\:
>>
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>                http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
>
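
Added example, not part of the original thread: a small Python harness that runs the two failregex lines quoted above over constructed log lines to show which address each pattern would hand to fail2ban. The `HOST` pattern is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and the log lines, timestamps and addresses are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregex lines from the post, unchanged apart from <HOST> expansion.
FAILREGEX = [
    r"Registration from .* failed for \'<HOST>\' - Wrong password",
    r"Unauthenticated call attempt .*\@<HOST>\:",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Constructed log lines using documentation addresses; not from the thread.
SAMPLE_LOG = [
    # Address quoted without a port: first pattern matches.
    "[2013-10-01 15:44:01] NOTICE[2101] chan_sip.c: Registration from "
    "'\"1000\" <sip:1000@192.0.2.10>' failed for '198.51.100.7' - Wrong password",
    # Address followed by a port inside the quotes: first pattern misses.
    "[2013-10-01 15:44:02] NOTICE[2101] chan_sip.c: Registration from "
    "'\"1000\" <sip:1000@192.0.2.10>' failed for '198.51.100.8:5060' - Wrong password",
    # NoOp output from the [default] context: second pattern matches.
    '    -- Executing [1000@default:1] NoOp("SIP/203.0.113.9-0000002a", '
    '"Unauthenticated call attempt - <sip:1000@203.0.113.9:5060>") in new stack',
    # Contact carries a different address than the channel name.
    '    -- Executing [1000@default:1] NoOp("SIP/203.0.113.9-0000002b", '
    '"Unauthenticated call attempt - <sip:1000@10.0.0.5:5060>") in new stack',
    # Unrelated line: no match.
    "[2013-10-01 15:44:05] NOTICE[2101] chan_sip.c: Peer '2000' is now Reachable",
]

def offending_host(line):
    """Return the address a failregex would hand to fail2ban, or None."""
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def scan(lines):
    """Count matches per extracted address across a list of log lines."""
    return Counter(h for h in map(offending_host, lines) if h)

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(offending_host(line), "<-", line[:60])
    print(dict(scan(SAMPLE_LOG)))
```

The second pattern takes its address from the Contact header, which the calling client supplies, so the extracted value is not necessarily the packet's source address.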