Re: [asterisk-users] Am I being hacked?

2013-08-20 Thread Giles Coochey
On 19/08/2013 19:10, Eric Wieling wrote: One of Asterisk's dirty little secrets is that it does not show the source IP when a device or hacker tries sending a call without registering. The rejection message in the logs does not show the IP of the attacker. Yes it sucks, yes it has been that

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Ira
Hello Steve, Sunday, August 18, 2013, 3:35:54 PM, you wrote: On Sun, 18 Aug 2013, Ira wrote: [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c: Failed to authenticate device 390sip:3...@xx.xx.xxx.xxx;tag=2762c06e I keep getting messages like this where the IP,

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Asghar Mohammad
he, some bad boys trying to guess configured extensions. In sip config in general set alwaysauthreject = yes. In CLI, sip set debug on and watch the IP and block it in firewall, iptables. On Mon, Aug 19, 2013 at 7:50 PM, Ira i...@extrasensory.com wrote: Hello Steve, Sunday, August 18, 2013,

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Eric Wieling
Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Asghar Mohammad Sent: Monday, August 19, 2013 2:05 PM To: Ira; Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Am I being hacked? he, some bad

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Nick Khamis
They are sending requests from his own public ip huh? Trade secrets H, IPTables, Fail2Ban (as a preventative), there is something I am missing What the f is it called again? Oh yeah Pike!!! alwaysauthreject = yes I don't know about that However, using the mac address of the

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Patrick Lists
On 08/19/2013 08:10 PM, Eric Wieling wrote: One of Asterisk's dirty little secrets is that it does not show the source IP when a device or hacker tries sending a call without registering. The rejection message in the logs does not show the IP of the attacker. Yes it sucks, yes it has been

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Steve Edwards
On Mon, 19 Aug 2013, Ira wrote: [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c: Failed to authenticate device 390sip:3...@xx.xx.xxx.xxx;tag=2762c06e xx.xx.xxx.xxx is my public I.P. What kind of filtering are you doing? Iptables? Rather than playing 'whack-a-mole' with

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Patrick Lists
On 08/19/2013 08:55 PM, Steve Edwards wrote: On Mon, 19 Aug 2013, Ira wrote: [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c: Failed to authenticate device 390sip:3...@xx.xx.xxx.xxx;tag=2762c06e xx.xx.xxx.xxx is my public I.P. What kind of filtering are you doing?

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Eric Wieling
No. -Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Patrick Lists Sent: Monday, August 19, 2013 2:41 PM To: asterisk-users@lists.digium.com Subject: Re: [asterisk-users] Am I being hacked? On 08/19/2013 08:10

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Eric Wieling
...@lists.digium.com] On Behalf Of Eric Wieling Sent: Monday, August 19, 2013 3:28 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Am I being hacked? No. -Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Patrick Lists
On 08/19/2013 09:29 PM, Eric Wieling wrote: Actually, you can try enabling the security logging destination in logger.conf. I believe that may contain the info, but it is new in Asterisk 11. 1.8 and earlier does not have this. Thanks I'll give that a try. Regards, Patrick --

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Ira
Hello Steve, Monday, August 19, 2013, 11:55:54 AM, you wrote: [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c: Failed to authenticate device 390sip:3...@xx.xx.xxx.xxx;tag=2762c06e xx.xx.xxx.xxx is my public I.P. What kind of filtering are you doing? Iptables?

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Nick Khamis
    #!/bin/bash
    IPTABLES='/sbin/iptables'
    #Set interface values
    INTIF1='eth0'
    # Set Limits
    LIMIT=2/sec
    LOGLIMIT=5/min
    LIMITBURST=5
    #flush rules and delete chains
    $IPTABLES -F
    $IPTABLES -X
    #echo -e- Dropping Forward Requests
    $IPTABLES -P FORWARD DROP
    #echo -e- Dropping Input

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Chris Nighswonger
On Mon, Aug 19, 2013 at 2:40 PM, Patrick Lists asterisk-l...@puzzled.xs4all.nl wrote: On 08/19/2013 08:10 PM, Eric Wieling wrote: One of Asterisk's dirty little secrets is that it does not show the source IP when a device or hacker tries sending a call without registering. The rejection

Re: [asterisk-users] Am I being hacked?

2013-08-19 Thread Matthew Jordan
On Mon, Aug 19, 2013 at 2:29 PM, Eric Wieling ewiel...@nyigc.com wrote: Actually, you can try enabling the security logging destination in logger.conf. I believe that may contain the info, but it is new in Asterisk 11. 1.8 and earlier does not have this. Nitpick: it was a new feature in

[asterisk-users] Am I being hacked?

2013-08-18 Thread Ira
Hello Asterisk-users, [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c: Failed to authenticate device 390sip:3...@xx.xx.xxx.xxx;tag=2762c06e [2013-08-18 05:56:34] NOTICE[17089][C-00a9] chan_sip.c: Failed to authenticate device 390sip:3...@xx.xx.xxx.xxx;tag=7b909220

Re: [asterisk-users] Am I being hacked?

2013-08-18 Thread Łukasz Grzywański
Hi, for example http://www.fail2ban.org/wiki/index.php/Asterisk On 18 August 2013 23:41, Ira i...@extrasensory.com wrote: Hello Asterisk-users, [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c: Failed to authenticate device 390sip:3...@xx.xx.xxx.xxx ;tag=2762c06e

Re: [asterisk-users] Am I being hacked?

2013-08-18 Thread Carlos Rojas
Hi You should install something like fail2ban Regards On Sun, Aug 18, 2013 at 5:41 PM, Ira i...@extrasensory.com wrote: Hello Asterisk-users, [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c: Failed to authenticate device 390sip:3...@xx.xx.xxx.xxx ;tag=2762c06e

Re: [asterisk-users] Am I being hacked?

2013-08-18 Thread Steve Edwards
On Sun, 18 Aug 2013, Ira wrote: [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c: Failed to authenticate device 390sip:3...@xx.xx.xxx.xxx;tag=2762c06e I keep getting messages like this where the IP, xx.xx.xxx.xxx, is my own IP. How do I figure out where this attempt is