Failed Authentication in Asterisk Logs from Unknown Registrations


(RPG) #1

I am getting a lot of failed authentications in my asterisk logs. Intrusion detection is enabled, Firewall is enabled and whether the firewall responsive is enabled or not, I still see a lot of these in my logs. Allow Anonymous Inbound SIP Calls and Allow SIP Guests are set to no. Is there a way to completely block these unknown registrations and not show them in the asterisk logs?

2463[2020-11-18 13:13:54] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2779515976) - Failed to authenticate

2464[2020-11-18 13:13:54] NOTICE[32047] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2309329199) - Failed to authenticate

2465[2020-11-18 13:13:54] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 1936345261) - Failed to authenticate

2466[2020-11-18 13:13:54] NOTICE[11938] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2417069907) - Failed to authenticate

2467[2020-11-18 13:13:54] NOTICE[3925] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2101400696) - Failed to authenticate

2468[2020-11-18 13:13:54] NOTICE[8434] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2779515976) - Failed to authenticate

2469[2020-11-18 13:13:54] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 1209918702) - Failed to authenticate

2470[2020-11-18 13:13:54] NOTICE[32047] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2309329199) - Failed to authenticate

2471[2020-11-18 13:13:54] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2746468686) - Failed to authenticate

2472[2020-11-18 13:13:54] NOTICE[11938] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 1936345261) - Failed to authenticate

2473[2020-11-18 13:13:54] NOTICE[3925] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2101400696) - Failed to authenticate

2474[2020-11-18 13:13:54] NOTICE[8434] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2417069907) - Failed to authenticate

2475[2020-11-18 13:13:54] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 1209918702) - Failed to authenticate

2476[2020-11-18 13:13:54] NOTICE[32047] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2309329199) - Failed to authenticate

2477[2020-11-18 13:13:54] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 1936345261) - Failed to authenticate

2478[2020-11-18 13:13:54] NOTICE[11938] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2746468686) - Failed to authenticate

2479[2020-11-18 13:13:54] NOTICE[3925] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2101400696) - Failed to authenticate

2480[2020-11-18 13:13:54] NOTICE[8434] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2417069907) - Failed to authenticate

2481[2020-11-18 13:13:54] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 1209918702) - Failed to authenticate

2482[2020-11-18 13:13:54] NOTICE[32047] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2309329199) - Failed to authenticate

2483[2020-11-18 13:13:54] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2779515976) - Failed to authenticate

2484[2020-11-18 13:13:54] NOTICE[11938] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2746468686) - Failed to authenticate

2485[2020-11-18 13:13:54] NOTICE[3925] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2101400696) - Failed to authenticate

2486[2020-11-18 13:13:54] NOTICE[8434] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 1936345261) - Failed to authenticate

2487[2020-11-18 13:13:54] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 1209918702) - Failed to authenticate

2488[2020-11-18 13:13:54] NOTICE[32047] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2779515976) - Failed to authenticate

2489[2020-11-18 13:13:54] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2309329199) - Failed to authenticate

2490[2020-11-18 13:13:55] NOTICE[11938] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:5100@198.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2746468686) - Failed to authenticate

2491[2020-11-18 13:14:45] NOTICE[3925] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:8028@198.0.40.75>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - Failed to authenticate

2492[2020-11-18 13:14:46] NOTICE[8434] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:8028@198.0.40.75>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - Failed to authenticate

2493[2020-11-18 13:14:46] NOTICE[32047] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:8028@198.0.40.75>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - Failed to authenticate

2494[2020-11-18 13:14:46] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:8028@198.0.40.75>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - No matching endpoint found after 5 tries in 0.895 ms

2495[2020-11-18 13:14:46] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:8028@198.0.40.75>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - Failed to authenticate

2496[2020-11-18 13:14:46] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:8028@198.0.40.75>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - No matching endpoint found after 6 tries in 1.135 ms

2497[2020-11-18 13:14:46] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:8028@198.0.40.75>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - Failed to authenticate


(Dave Burgess) #2

Use the Firewall, Luke!

You can use the Adaptive Firewall if you have people coming from all over, or you can just lock down port 5060 to just your local network and your ITSP if all of your calls come from known networks.


(Lorne Gaetz) #3

… but not configured.

wiki: https://wiki.freepbx.org/display/FPG/Firewall
video: Open Source Pro Tips #2 - Firewall Basics


(RPG) #4

The video helped tremendously! I configured it but was not configured correctly!


(RPG) #5

I got it configured correctly. I added known IP addresses in the trusted zone but because we have users that work remotely, I have to enable the responsive firewall. But when I disable the responsive firewall, I do not see the failed authentications at all. I like how you explained everything really well in the video!