On 19/08/2013 19:10, Eric Wieling wrote:
One of Asterisk's dirty little secrets is that it does not show the source IP
when a device or hacker tries sending a call without registering. The
rejection message in the logs do not show the IP of the attacker. Yes it
sucks, yes it has been that w
On Mon, Aug 19, 2013 at 2:29 PM, Eric Wieling wrote:
> Actually, you can try enabling the "security" logging destination in
> logger.conf. I believe that may contain the info, but it is new in
> Asterisk 11. 1.8 and earlier does not have this.
>
>
Nitpick: it was a new feature in Asterisk 10.
On Mon, Aug 19, 2013 at 2:40 PM, Patrick Lists <
asterisk-l...@puzzled.xs4all.nl> wrote:
> On 08/19/2013 08:10 PM, Eric Wieling wrote:
>
>> One of Asterisk's dirty little secrets is that it does not show the
>> source IP when a device or hacker tries sending a call without registering.
>> The rej
#!/bin/bash
IPTABLES='/sbin/iptables'
#Set interface values
INTIF1='eth0'
# Set Limits
LIMIT="2/sec"
LOGLIMIT="5/min"
LIMITBURST="5"
#flush rules and delete chains
$IPTABLES -F
$IPTABLES -X
#echo -e " - Dropping Forward Requests"
$IPTABLES -P FORWARD DROP
#echo -e " - Dropping Inpu
Hello Steve,
Monday, August 19, 2013, 11:55:54 AM, you wrote:
>> >> [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c:
>> >>Failed to authenticate device
>> >> 390;tag=2762c06e
>>
>> xx.xx.xxx.xxx is my public I.P.
> What kind of filtering are you doing? Iptables?
> Rather t
On 08/19/2013 09:29 PM, Eric Wieling wrote:
Actually, you can try enabling the "security" logging destination in
logger.conf. I believe that may contain the info, but it is new in Asterisk 11. 1.8 and
earlier does not have this.
Thanks I'll give that a try.
Regards,
Patrick
--
___
users-boun...@lists.digium.com] On Behalf Of Eric Wieling
Sent: Monday, August 19, 2013 3:28 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Am I being hacked?
No.
-Original Message-
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-
No.
-Original Message-
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Patrick Lists
Sent: Monday, August 19, 2013 2:41 PM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] Am I being hacked?
On 08/19/2013 08:10
On 08/19/2013 08:55 PM, Steve Edwards wrote:
On Mon, 19 Aug 2013, Ira wrote:
>> [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c:
>>Failed to authenticate device
390;tag=2762c06e
xx.xx.xxx.xxx is my public I.P.
What kind of filtering are you doing? Iptables?
Rather than pl
On Mon, 19 Aug 2013, Ira wrote:
>> [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c:
>> Failed to authenticate device 390;tag=2762c06e
xx.xx.xxx.xxx is my public I.P.
What kind of filtering are you doing? Iptables?
Rather than playing 'wack-a-mole' with hackers, my first li
On 08/19/2013 08:10 PM, Eric Wieling wrote:
One of Asterisk's dirty little secrets is that it does not show the source IP
when a device or hacker tries sending a call without registering. The
rejection message in the logs do not show the IP of the attacker. Yes it
sucks, yes it has been tha
They are sending requests from his own public ip huh? Trade secrets
H, IPTaibles, Fail2Ban (as a preventative), there is something
I am missing What the f is it called again? Oh yeah Pike!!!
>> alwaysauthreject = yes
I don't know about that However, using the mac address of the dev
ginal Message-
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Asghar Mohammad
Sent: Monday, August 19, 2013 2:05 PM
To: Ira; Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Am I being hacked?
he,
som
he,
some bad boys trying to guess configured extensions.
in sip config in general set alwaysauthreject = yes .
in cli sip set debug on and watch ip and block in firewall, iptables.
On Mon, Aug 19, 2013 at 7:50 PM, Ira wrote:
> Hello Steve,
>
> Sunday, August 18, 2013, 3:35:54 PM, you wrote:
>
Hello Steve,
Sunday, August 18, 2013, 3:35:54 PM, you wrote:
> On Sun, 18 Aug 2013, Ira wrote:
>> [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c:
>>Failed to authenticate device 390;tag=2762c06e
>>
>> I keep getting messages like this where the IP, xx.xx.xxx.xxx, is my own
On Sun, 18 Aug 2013, Ira wrote:
[2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c:
Failed to authenticate device 390;tag=2762c06e
I keep getting messages like this where the IP, xx.xx.xxx.xxx, is my own
IP. How do I figure out where this attempt is coming from so I can
block
Hi
You should install something like fail2ban
Regards
On Sun, Aug 18, 2013 at 5:41 PM, Ira wrote:
> Hello Asterisk-users,
>
> [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c:
>Failed to authenticate device 390 >;tag=2762c06e
> [2013-08-18 05:56:34] NOTICE[17089][C-00a9
Hi,
for example
http://www.fail2ban.org/wiki/index.php/Asterisk
On 18 August 2013 23:41, Ira wrote:
> Hello Asterisk-users,
>
> [2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c:
>Failed to authenticate device 390 >;tag=2762c06e
> [2013-08-18 05:56:34] NOTICE[17089][C-00a
Hello Asterisk-users,
[2013-08-18 05:56:29] NOTICE[17089][C-00a8] chan_sip.c:
Failed to authenticate device 390;tag=2762c06e
[2013-08-18 05:56:34] NOTICE[17089][C-00a9] chan_sip.c:
Failed to authenticate device 390;tag=7b909220
I keep getting messages like this where the
19 matches
Mail list logo
