[asterisk-users] Asterisk failed to authenticate device - attack attempt.


 
motty.cruz at gmail.com
Posted: Mon Sep 08, 2014 5:39 pm

Hi all, 
I continue to see the following msg on my Asterisk log: 


[Sep  8 15:34:37] NOTICE[7375]: chan_sip.c:23277 handle_request_invite: 
Failed to authenticate device 9009<sip:9009@196.107.xx.xx>;tag=8dd48dd2


IP: 196.107.xx.xx is my asterisk server IP address. 


I don't know what it means or how to cover any holes that an attacker is trying to exploit. 


Thanks, 
Motty
asterisk.org at sedwar...
Posted: Mon Sep 08, 2014 9:31 pm

On Mon, 8 Sep 2014, motty cruz wrote:

Quote:
I continue to see the following msg on my Asterisk log: 

[Sep  8 15:34:37] NOTICE[7375]: chan_sip.c:23277 handle_request_invite: 
Failed to authenticate device 9009<sip:9009@196.107.xx.xx>;tag=8dd48dd2

First step is to determine the source -- is it coming from your network or
from the Internet? 'sip set debug on,' tcpdump, ngrep, wireshark can all
be useful.

If it is coming from your network, make note of the MAC address. The first
3 octets are the OUI. Google 'OUI Lookup.' This will tell you the
manufacturer (or at least who made the board inside the device). This may
give you a clue like 'Cisco Linksys LLC' and you may remember you have an
old Sipura (which was bought by Linksys, which was bought by Cisco) lying
around that somebody may have decided to 're-purpose' without telling you.

If it is coming from the Internet, learn a bit about iptables. The best
case scenario is that you know everybody that should be accessing your pbx
so you can 'whitelist' the good guys and DROP everything else. Some people
moan about how they have clients that travel. Unless they travel to China,
Russia, North Korea, Crapistan, etc, just block entire regions of the
world. That will knock off 90% of your 'attack surface.' Maybe you can
limit traffic to just a couple of class C addresses.

Finally, mop up the ankle-biters with fail2ban. Oh, and nice long
'random' passwords on all of your SIP endpoints and if you can get away
from 4 digit extensions, all the better.

--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards@sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
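
An added triage example for the thread above (not code from either poster or from the Asterisk project): it counts the failed INVITEs per claimed extension, shows how many carry only the server's own address, and classifies a source IP and MAC taken from a packet capture. It assumes the value chan_sip logs is the request's From header, which the sender fills in; the log lines, addresses and MAC are constructed, and all function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the chan_sip format quoted above (documentation-range IPs).
SAMPLE_LOG = """\
[Sep  8 15:34:37] NOTICE[7375]: chan_sip.c:23277 handle_request_invite:
Failed to authenticate device 9009<sip:9009@192.0.2.10>;tag=8dd48dd2
[Sep  8 15:34:41] NOTICE[7375]: chan_sip.c:23277 handle_request_invite: Failed to authenticate device 9009<sip:9009@192.0.2.10>;tag=1f0a77c3
[Sep  8 15:35:02] NOTICE[7375]: chan_sip.c:23277 handle_request_invite: Failed to authenticate device 100<sip:100@192.0.2.10>;tag=55aa0e21
"""

# \s+ after the function name also matches an entry wrapped onto a second line.
FAIL_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] NOTICE\[\d+\]: chan_sip\.c:\d+ handle_request_invite:\s+"
    r'Failed to authenticate device "?(?P<user>[^<"]*?)"?\s*<sip:[^@>]*@(?P<host>[^>;:]+)'
)

def parse_failures(text):
    """Return (timestamp, claimed user, From-header host) per failed INVITE."""
    return [(m["ts"], m["user"], m["host"]) for m in FAIL_RE.finditer(text)]

def summarize(text, server_ips):
    """Count attempts per claimed extension, and how many From hosts are just the
    server's own address (those say nothing about where the packet came from)."""
    rows = parse_failures(text)
    per_user = Counter(user for _, user, _ in rows)
    self_addressed = sum(1 for _, _, host in rows if host in server_ips)
    return per_user, self_addressed

def origin(src_ip, local_nets):
    """Classify a source IP taken from a capture (tcpdump/ngrep), not from the log."""
    ip = ipaddress.ip_address(src_ip)
    return "local" if any(ip in ipaddress.ip_network(n) for n in local_nets) else "internet"

def oui(mac):
    """First three octets of a MAC address, normalised for an OUI lookup."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return "-".join(digits[i:i + 2] for i in (0, 2, 4)).upper()

if __name__ == "__main__":
    counts, self_addressed = summarize(SAMPLE_LOG, {"192.0.2.10"})
    print(counts.most_common(), self_addressed)
    print(origin("10.0.0.57", ["10.0.0.0/24"]), oui("00:11:22:aa:bb:cc"))
```

When every entry is self-addressed, as in the sample, the log alone cannot say whether the sender is local or remote, which is why the capture step comes first.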
All times are GMT - 5 Hours