ChanSip error

invictamix · April 15, 2020, 9:19am

Hi everybody,

i hope you can help me.
I see this notice in asterisk

[2020-04-15 10:39:40] NOTICE[2745][C-000000b1]: chan_sip.c:25904 handle_request_invite: Failed to authenticate device sip:[email protected]:5060;tag=d11f24229f52d2472c23756e2e0effbc

i don’t understant why because right now i don’t have any sip or device with number 1001.
I restarted all the system but this notice persistes.

Can you help me please what should i do?

amardeeprana · April 15, 2020, 10:21am

are you getting many attempts with different different extensions ?, is there any kind of brute attack on server ?, please check logs…

Disable anonymous call to - NO
Allow Guest - NO

mattf · April 15, 2020, 6:02pm

One other bit of advice that some people don’t think about is that if you don’t have a good reason for your PBX to be connected to the public internet, it’s a good idea just to keep it behind your firewall (if possible). Some use cases require external public access, but you definitely minimize a whole class of potential problems if you don’t have it publicly accessible.

invictamix · April 16, 2020, 5:57pm

i have all this options like this. i see on sip debug some attacks, here an example:

Retransmitting #2 (NAT) to 54.36.109.91:58860:
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 0.0.0.0:58860;branch=z9hG4bK1273017248;received=54.36.109.91;rport=58860
From: sip:1001@myserver;tag=880232777
To: sip:7749400442037693796@myserver;tag=as78c87b0d
Call-ID: 1787486076-1250462066-1671686173
CSeq: 2 INVITE
Server: IPBX-2.11.0(11.25.3)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0

I have my PBX on a vps server so it have external public access. i tryed to used issabel firewall rules but dont works fine. when i ennable firewalld from Centos i dont have access to the vps

amardeeprana · April 16, 2020, 6:18pm

Fail2ban running on server ?

invictamix · April 16, 2020, 11:08pm

Yes, it is. I can see a lot of banished ip in the log. Is there anything else i should do?

PitzKey · April 17, 2020, 12:18am

Most VPS providers have some “firewall” service they offer, it might be simple forwarding rules.

Also, take a look at the FreePBX firewall, allow access only from trusted sources.

BlazeStudios · April 17, 2020, 12:52pm

If you’re using Issabel you need to be asking these questions on their forums. It’s their PBX release.

invictamix · April 24, 2020, 11:35am

the solution was deny all ips and only allow operators to be able to login in their extensions. i use issabel firewall and now works fine. Thank you to all

system · May 25, 2020, 11:35am

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.