<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
Hi Asghar,<br>
<br>
surely this can improve security but what I'm looking for is
something to find the real attacker IP address and ban it. Fail2ban
bans my own public ip address.<br>
<br>
Thank you<br>
<br>
Giorgio<br>
<br>
<br>
On 10/01/2013 05:53 PM, Asghar Mohammad wrote:
<blockquote
cite="mid:CAL29e+r=RBV7oq9oHrhA8at-GdsfRDqNd1TGT92SA27kD_ZTag@mail.gmail.com"
type="cite">
<div dir="ltr">Hi,
<div>Bad boys trying to guess a valid username.</div>
<div>in sip.conf uncomment alwaysauthreject=yes and Asterisk
always reject 1st invite.</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">
On Tue, Oct 1, 2013 at 5:26 PM, Gareth Blades <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:mailinglist+asterisk@dns99.co.uk"
target="_blank">mailinglist+asterisk@dns99.co.uk</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div text="#000000" bgcolor="#FFFFFF"> On 01/10/13 15:44,
gincantalupo wrote:
<blockquote type="cite">On Tue, Oct 1, 2013 at 5:07 AM,
gincantalupo <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:gincantalupo@fgasoftware.com"
target="_blank">gincantalupo@fgasoftware.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;"> Hi,<br>
<br>
I get a lot of these messages on my Asterisk CLI:<br>
<br>
"Failed to authenticate user 1000<a
moz-do-not-send="true"><sip:1000@MY_OWN_IP_ADDRESS></a>;tag=03f82bb9"<br>
<br>
as if my PBX machine is trying to authenticate to
itself. It seems someone is attacking my asterisk PBX.<br>
<br>
Is there a way to fix this problem?</blockquote>
</blockquote>
<br>
in sip.conf I have guest connections permitted and have
them going to the default context which contains :-<br>
<br>
[default]<br>
; all unauthenticated connection attempts from the
internet come in here.<br>
exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt
- ${SIP_HEADER(Contact)})<br>
exten => _[+*#0-9].,n,Congestion<br>
<br>
Then in fail2ban I have it match the following :-<br>
<br>
failregex = Registration from .* failed for
\'<HOST>\' - Wrong password <br>
Unauthenticated call attempt
.*\@<HOST>\:<br>
<br>
</div>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a
moz-do-not-send="true" href="http://www.api-digital.com"
target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar
every Thurs:<br>
<a moz-do-not-send="true"
href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a moz-do-not-send="true"
href="http://lists.digium.com/mailman/listinfo/asterisk-users"
target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>