On 17 Jan 2014, at 02:18, Sean Darcy <seandar...@gmail.com> wrote: > I'm used to seeing fraudulent attempts to authenticate, But now I'm getting > them from the server itself. > > I have an asterisk server behind a firewalled router. The local subnet is > 10.10.10.0/24, the server is 10.10.10.100. > > Now I'm seeing in the log lots of: > > Failed to authenticate device <*>00<sip:<*>00@10.10.10.100:5060>;tag=9c565e6e > > How can this happen?
I’d get an actual SIP trace rather than relying on the logs. If you get it at IP level, it’s a little harder to spoof (i.e. sometimes the SIP headers contain nonsense) Steve -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users