Hi, Seems a great workaround from Gareth Blades. Thanks I will try it.
Any way to make asterisk log a line in /var/log/messages ? On 10 October 2013 19:44, Michelle Dupuis <mdup...@ocg.ca> wrote: > Gareth: > > Did you check if your message (or security) log recorded anything during > these attempts? If so, can you post the content of the logs during this > attack? > > M > ------------------------------ > *From:* asterisk-users-boun...@lists.digium.com [ > asterisk-users-boun...@lists.digium.com] On Behalf Of Asghar Mohammad [ > asghar...@gmail.com] > *Sent:* Tuesday, October 01, 2013 11:53 AM > *To:* Asterisk Users List > *Subject:* Re: [asterisk-users] Failed to authenticate user > 1000<sip:1000@MY_OWN_IP_ADDRESS>; tag=03f82bb9 > > Hi, > Bad boys trying to guess a valid username. > in sip.conf uncomment alwaysauthreject=yes and Asterisk always reject 1st > invite. > > > On Tue, Oct 1, 2013 at 5:26 PM, Gareth Blades < > mailinglist+aster...@dns99.co.uk> wrote: > >> On 01/10/13 15:44, gincantalupo wrote: >> >> On Tue, Oct 1, 2013 at 5:07 AM, gincantalupo < >> gincantal...@fgasoftware.com> wrote: >> >>> Hi, >>> >>> I get a lot of these messages on my Asterisk CLI: >>> >>> "Failed to authenticate user 1000<sip:1000@MY_OWN_IP_ADDRESS> >>> ;tag=03f82bb9" >>> >>> as if my PBX machine is trying to authenticate to itself. It seems >>> someone is attacking my asterisk PBX. >>> >>> Is there a way to fix this problem? >> >> >> in sip.conf I have guest connections permitted and have them going to the >> default context which contains :- >> >> [default] >> ; all unauthenticated connection attempts from the internet come in here. >> exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt - >> ${SIP_HEADER(Contact)}) >> exten => _[+*#0-9].,n,Congestion >> >> Then in fail2ban I have it match the following :- >> >> failregex = Registration from .* failed for \'<HOST>\' - Wrong password >> Unauthenticated call attempt .*\@<HOST>\: >> >> >> -- >> _____________________________________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> New to Asterisk? Join us for a live introductory webinar every Thurs: >> http://www.asterisk.org/hello >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users >> > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users