<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif;font-size:small;color:rgb(0,0,102)">Hi,</div><div class="gmail_default" style="font-family:tahoma,sans-serif;font-size:small;color:rgb(0,0,102)">
<br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;font-size:small;color:rgb(0,0,102)">Seems a great workaround from Gareth Blades. Thanks I will try it.</div><div class="gmail_default" style="font-family:tahoma,sans-serif;font-size:small;color:rgb(0,0,102)">
<br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;font-size:small;color:rgb(0,0,102)">Any way to make asterisk log a line in /var/log/messages ?</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On 10 October 2013 19:44, Michelle Dupuis <span dir="ltr"><<a href="mailto:mdupuis@ocg.ca" target="_blank">mdupuis@ocg.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div dir="ltr"><font color="#000000" face="Tahoma">Gareth:</font></div>
<div dir="ltr"><font face="tahoma"></font> </div>
<div dir="ltr"><font face="tahoma">Did you check if your message (or security) log recorded anything during these attempts? If so, can you post the content of the logs during this attack?</font></div>
<div dir="ltr"><font face="tahoma"></font> </div>
<div dir="ltr"><font face="tahoma">M</font></div>
<div style="DIRECTION:ltr">
<hr>
<font face="Tahoma"><b>From:</b> <a href="mailto:asterisk-users-bounces@lists.digium.com" target="_blank">asterisk-users-bounces@lists.digium.com</a> [<a href="mailto:asterisk-users-bounces@lists.digium.com" target="_blank">asterisk-users-bounces@lists.digium.com</a>] On Behalf Of Asghar Mohammad [<a href="mailto:asghar144@gmail.com" target="_blank">asghar144@gmail.com</a>]<br>
<b>Sent:</b> Tuesday, October 01, 2013 11:53 AM<br>
<b>To:</b> Asterisk Users List<br>
<b>Subject:</b> Re: [asterisk-users] Failed to authenticate user 1000<sip:1000@MY_OWN_IP_ADDRESS>; tag=03f82bb9<br>
</font><br>
</div><div><div class="h5">
<div></div>
<div>
<div dir="ltr">Hi,
<div>Bad boys trying to guess a valid username.</div>
<div>in sip.conf uncomment alwaysauthreject=yes and Asterisk always reject 1st invite.</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Oct 1, 2013 at 5:26 PM, Gareth Blades <span dir="ltr">
<<a href="mailto:mailinglist+asterisk@dns99.co.uk" target="_blank">mailinglist+asterisk@dns99.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT:1ex;MARGIN:0px 0px 0px 0.8ex;BORDER-LEFT:#ccc 1px solid">
<div bgcolor="#FFFFFF">On 01/10/13 15:44, gincantalupo wrote:
<blockquote type="cite">On Tue, Oct 1, 2013 at 5:07 AM, gincantalupo <span dir="ltr">
<<a href="mailto:gincantalupo@fgasoftware.com" target="_blank">gincantalupo@fgasoftware.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT:1ex;MARGIN:0pt 0pt 0pt 0.8ex;BORDER-LEFT:rgb(204,204,204) 1px solid">
Hi,<br>
<br>
I get a lot of these messages on my Asterisk CLI:<br>
<br>
"Failed to authenticate user 1000<a><sip:1000@MY_OWN_IP_ADDRESS></a>;tag=03f82bb9"<br>
<br>
as if my PBX machine is trying to authenticate to itself. It seems someone is attacking my asterisk PBX.<br>
<br>
Is there a way to fix this problem?</blockquote>
</blockquote>
<br>
in sip.conf I have guest connections permitted and have them going to the default context which contains :-<br>
<br>
[default]<br>
; all unauthenticated connection attempts from the internet come in here.<br>
exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt - ${SIP_HEADER(Contact)})<br>
exten => _[+*#0-9].,n,Congestion<br>
<br>
Then in fail2ban I have it match the following :-<br>
<br>
failregex = Registration from .* failed for \'<HOST>\' - Wrong password <br>
Unauthenticated call attempt .*\@<HOST>\:<br>
<br>
</div>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">
http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div></div></div>
<br>--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br></blockquote></div><br></div>