Hi,
Seems a great workaround from Gareth Blades. Thanks I will try it.
Any way to make asterisk log a line in /var/log/messages ?
On 10 October 2013 19:44, Michelle Dupuis <mdup...@ocg.ca> wrote:
> Gareth:
>
> Did you check if your message (or security) log recorded anything during
> these attempts? If so, can you post the content of the logs during this
> attack?
>
> M
> ------------------------------
> *From:* asterisk-users-boun...@lists.digium.com [
> asterisk-users-boun...@lists.digium.com] On Behalf Of Asghar Mohammad [
> asghar...@gmail.com]
> *Sent:* Tuesday, October 01, 2013 11:53 AM
> *To:* Asterisk Users List
> *Subject:* Re: [asterisk-users] Failed to authenticate user
> 1000<sip:1000@MY_OWN_IP_ADDRESS>; tag=03f82bb9
>
> Hi,
> Bad boys trying to guess a valid username.
> in sip.conf uncomment alwaysauthreject=yes and Asterisk always reject 1st
> invite.
>
>
> On Tue, Oct 1, 2013 at 5:26 PM, Gareth Blades <
> mailinglist+aster...@dns99.co.uk> wrote:
>
>> On 01/10/13 15:44, gincantalupo wrote:
>>
>> On Tue, Oct 1, 2013 at 5:07 AM, gincantalupo <
>> gincantal...@fgasoftware.com> wrote:
>>
>>> Hi,
>>>
>>> I get a lot of these messages on my Asterisk CLI:
>>>
>>> "Failed to authenticate user 1000<sip:1000@MY_OWN_IP_ADDRESS>
>>> ;tag=03f82bb9"
>>>
>>> as if my PBX machine is trying to authenticate to itself. It seems
>>> someone is attacking my asterisk PBX.
>>>
>>> Is there a way to fix this problem?
>>
>>
>> in sip.conf I have guest connections permitted and have them going to the
>> default context which contains :-
>>
>> [default]
>> ; all unauthenticated connection attempts from the internet come in here.
>> exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt -
>> ${SIP_HEADER(Contact)})
>> exten => _[+*#0-9].,n,Congestion
>>
>> Then in fail2ban I have it match the following :-
>>
>> failregex = Registration from .* failed for \'<HOST>\' - Wrong password
>> Unauthenticated call attempt .*\@<HOST>\:
>>
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>> http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
