Hello,

I continue to see these errors in the logs:

[2015-12-02 10:05:57] NOTICE[19949]: chan_sip.c:23277 handle_request_invite: Failed to authenticate device 100<sip:100 at xx.xx.xx.xx>;tag=10cdeaf7

How do I guard against these kinds of attacks? Also, to get the IP address this attack comes from, I use the following command:

tcpdump -lni eth0 -f "udp port 5060"

Is there an easy way to get the attacker's IP?

Thanks,
Motty

Telium Technical Support
2015-Dec-02 21:53 UTC
[asterisk-users] Failed to authenticate device 100
The details of the source IP are available in the Asterisk security log (if you have that enabled), but that particular attack hides its address from the messages file.

It's essential that you secure your PBX; there are options ranging from free to commercial. Have a look at:

http://www.voip-info.org/wiki/view/Asterisk+security

It's easy to get a $20,000 phone bill, so take securing your PBX seriously.

-M-

Thanks M,

I have security enabled:

; output security messages to the file named "Security"
security => security

I see the file created in /var/log/asterisk/security, but it is empty, and in /var/log/asterisk/messages I see the following:

[2015-12-03 06:52:32] NOTICE[19949] chan_sip.c: Failed to authenticate device 100<sip:100 at X.X.X.X>;tag=a121ab55

X.X.X.X is the IP of my server. I don't know the attacker's IP unless I monitor the server using the following command:

tcpdump -lni eth0 -f "udp port 5060"

Please advise.

Thanks,
Motty
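
Added example, not part of the original thread and not Asterisk project code: one way to tally failed-authentication sources from the security log mentioned above. It assumes the key="value" event layout with RemoteAddress given as IPV4/UDP/<ip>/<port>; the sample lines, addresses and helper names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: one messages-style NOTICE line (no source IP) followed by
# security-log events. Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = '''\
[2015-12-03 06:52:32] NOTICE[19949] chan_sip.c: Failed to authenticate device 100<sip:100@192.0.2.10>;tag=a121ab55
[2015-12-03 06:52:32] SECURITY[19949] res_security_log.c: SecurityEvent="ChallengeSent",Severity="Informational",Service="SIP",AccountID="100",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.45/5071"
[2015-12-03 06:52:33] SECURITY[19949] res_security_log.c: SecurityEvent="ChallengeResponseFailed",Severity="Error",Service="SIP",AccountID="100",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.45/5071"
[2015-12-03 06:52:34] SECURITY[19949] res_security_log.c: SecurityEvent="InvalidPassword",Severity="Error",Service="SIP",AccountID="101",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.45/5071"
[2015-12-03 06:52:40] SECURITY[19949] res_security_log.c: SecurityEvent="InvalidAccountID",Severity="Error",Service="SIP",AccountID="admin",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5080"
[2015-12-03 06:53:01] SECURITY[19949] res_security_log.c: SecurityEvent="SuccessfulAuth",Severity="Informational",Service="SIP",AccountID="100",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/192.0.2.50/5060"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# Event names that indicate a rejected request rather than normal traffic.
FAILURE_EVENTS = {"InvalidAccountID", "InvalidPassword",
                  "ChallengeResponseFailed", "FailedACL"}

def parse_event(line):
    """Return the event's fields as a dict, or None for non-security lines."""
    if "SecurityEvent=" not in line:
        return None
    return dict(FIELD_RE.findall(line))

def remote_ip(event):
    """Extract the address from 'FAMILY/TRANSPORT/address/port'."""
    parts = event.get("RemoteAddress", "").split("/")
    return parts[2] if len(parts) == 4 else None

def failed_auth_sources(lines, threshold=1):
    """List (ip, failures, accounts tried), most active source first."""
    counts, accounts = Counter(), {}
    for line in lines:
        event = parse_event(line)
        if not event or event.get("SecurityEvent") not in FAILURE_EVENTS:
            continue
        ip = remote_ip(event)
        if ip:
            counts[ip] += 1
            accounts.setdefault(ip, set()).add(event.get("AccountID", "?"))
    return [(ip, n, sorted(accounts[ip]))
            for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for ip, n, tried in failed_auth_sources(SAMPLE_LOG.splitlines()):
        print(f"{ip}\t{n} failures\taccounts: {', '.join(tried)}")
```

On a live system, pass the lines of /var/log/asterisk/security instead of SAMPLE_LOG.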