Gareth: Did you check if your message (or security) log recorded anything during these attempts? If so, can you post the content of the logs during this attack?
M ________________________________ From: asterisk-users-boun...@lists.digium.com [asterisk-users-boun...@lists.digium.com] On Behalf Of Asghar Mohammad [asghar...@gmail.com] Sent: Tuesday, October 01, 2013 11:53 AM To: Asterisk Users List Subject: Re: [asterisk-users] Failed to authenticate user 1000<sip:1000@MY_OWN_IP_ADDRESS>; tag=03f82bb9 Hi, Bad boys trying to guess a valid username. in sip.conf uncomment alwaysauthreject=yes and Asterisk always reject 1st invite. On Tue, Oct 1, 2013 at 5:26 PM, Gareth Blades <mailinglist+aster...@dns99.co.uk<mailto:mailinglist+aster...@dns99.co.uk>> wrote: On 01/10/13 15:44, gincantalupo wrote: On Tue, Oct 1, 2013 at 5:07 AM, gincantalupo <gincantal...@fgasoftware.com<mailto:gincantal...@fgasoftware.com>> wrote: Hi, I get a lot of these messages on my Asterisk CLI: "Failed to authenticate user 1000<sip:1000@MY_OWN_IP_ADDRESS>;tag=03f82bb9" as if my PBX machine is trying to authenticate to itself. It seems someone is attacking my asterisk PBX. Is there a way to fix this problem? in sip.conf I have guest connections permitted and have them going to the default context which contains :- [default] ; all unauthenticated connection attempts from the internet come in here. exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt - ${SIP_HEADER(Contact)}) exten => _[+*#0-9].,n,Congestion Then in fail2ban I have it match the following :- failregex = Registration from .* failed for \'<HOST>\' - Wrong password Unauthenticated call attempt .*\@<HOST>\: -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users