Re: [asterisk-users] Failed to authenticate user 1000; tag=03f82bb9

Wed, 02 Oct 2013 08:15:54 -0700 

Hi Asghar,
surely this can improve security but what I'm looking for is something to find the real attacker IP address and ban it. Fail2ban bans my own public ip address. 

Thank you

Giorgio


On 10/01/2013 05:53 PM, Asghar Mohammad wrote:

Hi,
Bad boys trying to guess a valid username.

in sip.conf uncomment  alwaysauthreject=yes and Asterisk always reject 
1st invite.




On Tue, Oct 1, 2013 at 5:26 PM, Gareth Blades 
<mailinglist+aster...@dns99.co.uk 
<mailto:mailinglist+aster...@dns99.co.uk>> wrote:


    On 01/10/13 15:44, gincantalupo wrote:

    On Tue, Oct 1, 2013 at 5:07 AM, gincantalupo
    <gincantal...@fgasoftware.com
    <mailto:gincantal...@fgasoftware.com>> wrote:

        Hi,

        I get a lot of these messages on my Asterisk CLI:

        "Failed to authenticate user
        1000<sip:1000@MY_OWN_IP_ADDRESS>;tag=03f82bb9"

        as if my PBX machine is trying to authenticate to itself. It
        seems someone is attacking my asterisk PBX.

        Is there a way to fix this problem?



    in sip.conf I have guest connections permitted and have them going
    to the default context which contains :-

    [default]
    ; all unauthenticated connection attempts from the internet come
    in here.
    exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt -
    ${SIP_HEADER(Contact)})
    exten => _[+*#0-9].,n,Congestion

    Then in fail2ban I have it match the following :-

    failregex = Registration from .* failed for \'<HOST>\' - Wrong
    password
                Unauthenticated call attempt .*\@<HOST>\:


    --
    _____________________________________________________________________
    -- Bandwidth and Colocation Provided by http://www.api-digital.com --
    New to Asterisk? Join us for a live introductory webinar every Thurs:
    http://www.asterisk.org/hello

    asterisk-users mailing list
    To UNSUBSCRIBE or update options visit:
    http://lists.digium.com/mailman/listinfo/asterisk-users





-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users





















					Reply via email to