I hope you can help me.
I see this notice in Asterisk:
[2020-04-15 10:39:40] NOTICE[C-000000b1]: chan_sip.c:25904 handle_request_invite: Failed to authenticate device sip: [email protected]:5060;tag=d11f24229f52d2472c23756e2e0effbc
I don’t understand why, because right now I don’t have any SIP or device with number 1001.
I restarted all the system, but this notice persists.
Can you help me, please? What should I do?
Are you getting many attempts with different extensions? Is there any kind of brute attack on the server? Please check the logs…
Disable anonymous call to - NO
Allow Guest - NO
One other bit of advice that some people don’t think about is that if you don’t have a good reason for your PBX to be connected to the public internet, it’s a good idea just to keep it behind your firewall (if possible). Some use cases require external public access, but you definitely minimize a whole class of potential problems if you don’t have it publicly accessible.
I have all these options set like this. I see some attacks in SIP debug; here is an example:
#2 (NAT) to 22.214.171.124:58860:
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 0.0.0.0:58860;branch=z9hG4bK1273017248;received=126.96.36.199;rport=58860
From: sip:;tag=880232777 [email protected]
To: sip:;tag=as78c87b0d [email protected]
CSeq: 2 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
I have my PBX on a VPS server, so it has external public access. I tried to use Issabel firewall rules, but they don’t work well. When I enable firewalld on CentOS, I don’t have access to the VPS.
Is Fail2ban running on the server?
Yes, it is. I can see a lot of banned IPs in the log. Is there anything else I should do?
Most VPS providers have some “firewall” service they offer, it might be simple forwarding rules.
Also, take a look at the FreePBX firewall, allow access only from trusted sources.
issabel firewall rules
If you’re using Issabel you need to be asking these questions on their forums. It’s their PBX release.
The solution was to deny all IPs and only allow operators to be able to log in to their extensions. I use the Issabel firewall and now it works fine. Thank you to all.
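For the "please check logs" step earlier in the thread, a small triage script can show whether the failures come from one misconfigured phone or from a scan across many extensions. It is an added example, not code from any poster or from the Asterisk project; it assumes the chan_sip NOTICE format quoted in the first post plus the usual registration-failure message, and every sample line and address in it is constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed chan_sip NOTICE shapes: the INVITE message quoted in the thread and
# the usual registration-failure message. All sample lines are constructed.
INVITE_RE = re.compile(
    r"handle_request_invite: Failed to authenticate device .*?sip:([^@>\s;]+)@")
REGISTER_RE = re.compile(
    r"Registration from '.*?sip:([^@>']+)@[^']*' failed for "
    r"'(\d{1,3}(?:\.\d{1,3}){3}):\d+'")

SAMPLE_LOG = [
    "[2020-04-15 10:39:40] NOTICE[C-000000b1]: chan_sip.c:25904 handle_request_invite: Failed to authenticate device <sip:1001@192.0.2.10:5060>;tag=aaa1",
    "[2020-04-15 10:39:52] NOTICE[C-000000b2]: chan_sip.c:25904 handle_request_invite: Failed to authenticate device <sip:1001@192.0.2.10:5060>;tag=aaa2",
    "[2020-04-15 10:40:03] NOTICE[C-000000b3]: chan_sip.c:25904 handle_request_invite: Failed to authenticate device <sip:9011@192.0.2.10:5060>;tag=aaa3",
    "[2020-04-15 10:40:10] NOTICE[2011]: chan_sip.c:28000 handle_request_register: Registration from '\"100\" <sip:100@192.0.2.10>' failed for '198.51.100.7:5071' - Wrong password",
    "[2020-04-15 10:40:11] NOTICE[2011]: chan_sip.c:28000 handle_request_register: Registration from '\"101\" <sip:101@192.0.2.10>' failed for '198.51.100.7:5071' - Wrong password",
    "[2020-04-15 10:40:12] NOTICE[2011]: chan_sip.c:28000 handle_request_register: Registration from '\"102\" <sip:102@192.0.2.10>' failed for '198.51.100.7:5071' - No matching peer found",
    "[2020-04-15 10:40:30] NOTICE[2011]: chan_sip.c:28000 handle_request_register: Registration from '<sip:1001@192.0.2.10>' failed for '203.0.113.9:5060' - Wrong password",
    "[2020-04-15 10:40:31] NOTICE[2011]: chan_sip.c:28000 handle_request_register: Registration from '<sip:1001@192.0.2.10>' failed for '203.0.113.9:5060' - Wrong password",
    "[2020-04-15 10:41:00] VERBOSE[2011] unrelated line that must be ignored",
]

def summarize(lines, min_extensions=3):
    """Return (invite failures per extension, extensions tried per source IP,
    source IPs that tried at least min_extensions distinct extensions)."""
    invite_ext = Counter()
    reg_by_ip = defaultdict(set)
    for line in lines:
        m = INVITE_RE.search(line)
        if m:
            # The URI comes from the From header, which the sender controls,
            # so only the extension is counted here, not the host.
            invite_ext[m.group(1)] += 1
            continue
        m = REGISTER_RE.search(line)
        if m:
            # The quoted address after "failed for" is the packet source.
            reg_by_ip[m.group(2)].add(m.group(1))
    scanners = sorted(ip for ip, exts in reg_by_ip.items()
                      if len(exts) >= min_extensions)
    return invite_ext, dict(reg_by_ip), scanners

if __name__ == "__main__":
    invites, by_ip, scanners = summarize(SAMPLE_LOG)
    print("INVITE failures per extension:", dict(invites))
    print("Extensions tried per source IP:", by_ip)
    print("Likely scanners:", scanners)
```

A source that walks several extensions is a candidate for the deny rule described in the solution, while repeated failures for a single extension from one address usually point to a phone with a stale password.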