Re: [asterisk-users] Failed to authenticate device 100

Thu, 03 Dec 2015 08:58:06 -0800 

Thanks M,
I have security enable,
; output security messages to the file named "Security"
security => security
I see the file created in /var/log/asterisk/security but is empty, and in /var/log/asterisk/messages I see the following: [2015-12-03 06:52:32] NOTICE[19949] chan_sip.c: Failed to authenticate device 100<sip:100@X.X.X.X>;tag=a121ab55
X.X.X.X is the IP of my Server, I don't know who is the attacker IP unless I monitor for the server using the following command: 
tcpdump -lni eth0 -f "udp port 5060"

Please advise.
Thanks,
Motty

On 12/02/2015 01:53 PM, Telium Technical Support wrote:
The details of the source IP are available in the asterisk security log (if you have that enabled) – but that particular attack hides its address from the messages file.
It’s essential that you secure your PBX; there are options ranging from free to commercial. Have a look at: 

http://www.voip-info.org/wiki/view/Asterisk+security
It’s easy to get a $20,000 phone bill, so take securing your PBX seriously. 

-M-
*From:*asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] *On Behalf Of *Motty 
*Sent:* Wednesday, December 02, 2015 1:12 PM
*To:* Asterisk Users Mailing List - Non-Commercial Discussion; motty.c...@gmail.com 
*Subject:* [asterisk-users] Failed to authenticate device 100

Hello, I continued to see this errors in the logs:
[2015-12-02 10:05:57] NOTICE[19949]: chan_sip.c:23277 handle_request_invite: Failed to authenticate device 100<sip:1...@xx.xx.xx.xx> <mailto:sip:1...@xx.xx.xx.xx>;tag=10cdeaf7
how do I guard against this kinds of attacks? Also, to get the IP address from where this attack come from I use the following command "tcpdump -lni eth0 -f "udp port 5060" is there an easy way to get the attacker's IP? 

Thanks,
Motty





-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to