Hi, Bad boys trying to guess a valid username. in sip.conf uncomment alwaysauthreject=yes and Asterisk always reject 1st invite.
On Tue, Oct 1, 2013 at 5:26 PM, Gareth Blades < mailinglist+aster...@dns99.co.uk> wrote: > On 01/10/13 15:44, gincantalupo wrote: > > On Tue, Oct 1, 2013 at 5:07 AM, gincantalupo <gincantal...@fgasoftware.com > > wrote: > >> Hi, >> >> I get a lot of these messages on my Asterisk CLI: >> >> "Failed to authenticate user 1000<sip:1000@MY_OWN_IP_ADDRESS> >> ;tag=03f82bb9" >> >> as if my PBX machine is trying to authenticate to itself. It seems >> someone is attacking my asterisk PBX. >> >> Is there a way to fix this problem? > > > in sip.conf I have guest connections permitted and have them going to the > default context which contains :- > > [default] > ; all unauthenticated connection attempts from the internet come in here. > exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt - > ${SIP_HEADER(Contact)}) > exten => _[+*#0-9].,n,Congestion > > Then in fail2ban I have it match the following :- > > failregex = Registration from .* failed for \'<HOST>\' - Wrong password > Unauthenticated call attempt .*\@<HOST>\: > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users