[asterisk-users] Failed to authenticate device 100

Motty motty.cruz at gmail.com
Thu Dec 3 10:57:03 CST 2015 

Thanks M,
I have security enable,
; output security messages to the file named "Security"
security => security

I see the file created in /var/log/asterisk/security but is empty, and 
in /var/log/asterisk/messages I see the following:
[2015-12-03 06:52:32] NOTICE[19949] chan_sip.c: Failed to authenticate 
device 100<sip:100 at X.X.X.X>;tag=a121ab55

X.X.X.X is the IP of my Server, I don't know who is the attacker IP 
unless I monitor for the server using the following command:
tcpdump -lni eth0 -f "udp port 5060"

Please advise.
Thanks,
Motty

On 12/02/2015 01:53 PM, Telium Technical Support wrote:
>
> The details of the source IP are available in the asterisk security 
> log (if you have that enabled) – but that particular attack hides its 
> address from the messages file.
>
> It’s essential that you secure your PBX; there are options ranging 
> from free to commercial.  Have a look at:
>
> http://www.voip-info.org/wiki/view/Asterisk+security
>
> It’s easy to get a $20,000 phone bill, so take securing your PBX 
> seriously.
>
> -M-
>
> *From:*asterisk-users-bounces at lists.digium.com 
> [mailto:asterisk-users-bounces at lists.digium.com] *On Behalf Of *Motty
> *Sent:* Wednesday, December 02, 2015 1:12 PM
> *To:* Asterisk Users Mailing List - Non-Commercial Discussion; 
> motty.cruz at gmail.com
> *Subject:* [asterisk-users] Failed to authenticate device 100
>
> Hello, I continued to see this errors in the logs:
>
> [2015-12-02 10:05:57] NOTICE[19949]: chan_sip.c:23277 
> handle_request_invite: Failed to authenticate device 
> 100<sip:100 at xx.xx.xx.xx> <mailto:sip:100 at xx.xx.xx.xx>;tag=10cdeaf7
>
> how do I guard against this kinds of attacks? Also, to get the IP 
> address from where this attack come from I use the following command 
> "tcpdump -lni eth0 -f "udp port 5060" is there an easy way to get the 
> attacker's IP?
>
> Thanks,
> Motty
>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20151203/e366ec8f/attachment.html>

More information about the asterisk-users mailing list