<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
Hi Garet,<br>
<br>
ok but since the messages contain my own public IP with this method
I'm banning my public IP not the real attacker IP. Am I wrong?<br>
<br>
Giorgio<br>
<br>
<br>
On 10/01/2013 05:26 PM, Gareth Blades wrote:
<blockquote cite="mid:524AE9A8.8070504@dns99.co.uk" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
On 01/10/13 15:44, gincantalupo wrote:
<blockquote cite="mid:524ADFEA.1020102@fgasoftware.com"
type="cite">On Tue, Oct 1, 2013 at 5:07 AM, gincantalupo <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:gincantalupo@fgasoftware.com" target="_blank">gincantalupo@fgasoftware.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;"> Hi,<br>
<br>
I get a lot of these messages on my Asterisk CLI:<br>
<br>
"Failed to authenticate user 1000<a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="sip:1000@MY_OWN_IP_ADDRESS"><sip:1000@MY_OWN_IP_ADDRESS></a>;tag=03f82bb9"<br>
<br>
as if my PBX machine is trying to authenticate to itself. It
seems someone is attacking my asterisk PBX.<br>
<br>
Is there a way to fix this problem?</blockquote>
</blockquote>
<br>
in sip.conf I have guest connections permitted and have them going
to the default context which contains :-<br>
<br>
[default]<br>
; all unauthenticated connection attempts from the internet come
in here.<br>
exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt -
${SIP_HEADER(Contact)})<br>
exten => _[+*#0-9].,n,Congestion<br>
<br>
Then in fail2ban I have it match the following :-<br>
<br>
failregex = Registration from .* failed for \'<HOST>\' -
Wrong password <br>
Unauthenticated call attempt .*\@<HOST>\:<br>
<br>
</blockquote>
<br>
</body>
</html>