[asterisk-users] Failed to authenticate user 1000<sip:1000 at MY_OWN_IP_ADDRESS>; tag=03f82bb9
gincantalupo
gincantalupo at fgasoftware.com
Wed Oct 2 10:13:07 CDT 2013
Hi Garet,
ok but since the messages contain my own public IP with this method I'm
banning my public IP not the real attacker IP. Am I wrong?
Giorgio
On 10/01/2013 05:26 PM, Gareth Blades wrote:
> On 01/10/13 15:44, gincantalupo wrote:
>> On Tue, Oct 1, 2013 at 5:07 AM, gincantalupo
>> <gincantalupo at fgasoftware.com <mailto:gincantalupo at fgasoftware.com>>
>> wrote:
>>
>> Hi,
>>
>> I get a lot of these messages on my Asterisk CLI:
>>
>> "Failed to authenticate user
>> 1000<sip:1000 at MY_OWN_IP_ADDRESS>;tag=03f82bb9"
>>
>> as if my PBX machine is trying to authenticate to itself. It
>> seems someone is attacking my asterisk PBX.
>>
>> Is there a way to fix this problem?
>>
>
> in sip.conf I have guest connections permitted and have them going to
> the default context which contains :-
>
> [default]
> ; all unauthenticated connection attempts from the internet come in here.
> exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt -
> ${SIP_HEADER(Contact)})
> exten => _[+*#0-9].,n,Congestion
>
> Then in fail2ban I have it match the following :-
>
> failregex = Registration from .* failed for \'<HOST>\' - Wrong password
> Unauthenticated call attempt .*\@<HOST>\:
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20131002/e7e5d810/attachment.html>
More information about the asterisk-users
mailing list