Failed Authentication in Asterisk Logs from Unknown Registrations

I am getting a lot of failed authentications in my asterisk logs. Intrusion detection is enabled, Firewall is enabled and whether the firewall responsive is enabled or not, I still see a lot of these in my logs. Allow Anonymous Inbound SIP Calls and Allow SIP Guests are set to no. Is there a way to completely block these unknown registrations and not show them in the asterisk logs?

2463[2020-11-18 13:13:54] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2779515976) - Failed to authenticate

2464[2020-11-18 13:13:54] NOTICE[32047] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2309329199) - Failed to authenticate

2465[2020-11-18 13:13:54] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 1936345261) - Failed to authenticate

2466[2020-11-18 13:13:54] NOTICE[11938] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2417069907) - Failed to authenticate

2467[2020-11-18 13:13:54] NOTICE[3925] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2101400696) - Failed to authenticate

2468[2020-11-18 13:13:54] NOTICE[8434] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2779515976) - Failed to authenticate

2469[2020-11-18 13:13:54] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 1209918702) - Failed to authenticate

2470[2020-11-18 13:13:54] NOTICE[32047] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2309329199) - Failed to authenticate

2471[2020-11-18 13:13:54] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2746468686) - Failed to authenticate

2472[2020-11-18 13:13:54] NOTICE[11938] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 1936345261) - Failed to authenticate

2473[2020-11-18 13:13:54] NOTICE[3925] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2101400696) - Failed to authenticate

2474[2020-11-18 13:13:54] NOTICE[8434] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2417069907) - Failed to authenticate

2475[2020-11-18 13:13:54] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 1209918702) - Failed to authenticate

2476[2020-11-18 13:13:54] NOTICE[32047] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2309329199) - Failed to authenticate

2477[2020-11-18 13:13:54] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 1936345261) - Failed to authenticate

2478[2020-11-18 13:13:54] NOTICE[11938] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2746468686) - Failed to authenticate

2479[2020-11-18 13:13:54] NOTICE[3925] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2101400696) - Failed to authenticate

2480[2020-11-18 13:13:54] NOTICE[8434] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]98.0.40.75>’ failed for ‘40.82.197.91:5508’ (callid: 2417069907) - Failed to authenticate

2481[2020-11-18 13:13:54] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 1209918702) - Failed to authenticate

2482[2020-11-18 13:13:54] NOTICE[32047] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2309329199) - Failed to authenticate

2483[2020-11-18 13:13:54] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2779515976) - Failed to authenticate

2484[2020-11-18 13:13:54] NOTICE[11938] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2746468686) - Failed to authenticate

2485[2020-11-18 13:13:54] NOTICE[3925] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2101400696) - Failed to authenticate

2486[2020-11-18 13:13:54] NOTICE[8434] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 1936345261) - Failed to authenticate

2487[2020-11-18 13:13:54] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 1209918702) - Failed to authenticate

2488[2020-11-18 13:13:54] NOTICE[32047] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2779515976) - Failed to authenticate

2489[2020-11-18 13:13:54] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2309329199) - Failed to authenticate

2490[2020-11-18 13:13:55] NOTICE[11938] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘“5100” <sip:[email protected]>’ failed for ‘40.82.197.91:5508’ (callid: 2746468686) - Failed to authenticate

2491[2020-11-18 13:14:45] NOTICE[3925] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:[email protected]>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - Failed to authenticate

2492[2020-11-18 13:14:46] NOTICE[8434] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:[email protected]>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - Failed to authenticate

2493[2020-11-18 13:14:46] NOTICE[32047] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:[email protected]>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - Failed to authenticate

2494[2020-11-18 13:14:46] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:[email protected]>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - No matching endpoint found after 5 tries in 0.895 ms

2495[2020-11-18 13:14:46] NOTICE[21976] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:[email protected]>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - Failed to authenticate

2496[2020-11-18 13:14:46] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:[email protected]>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - No matching endpoint found after 6 tries in 1.135 ms

2497[2020-11-18 13:14:46] NOTICE[18867] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:[email protected]>’ failed for ‘185.147.213.12:59337’ (callid: 243550286-1988014896-427571729) - Failed to authenticate

Use the Firewall, Luke!

You can use the Adaptive Firewall if you have people coming from all over, or you can just lock down port 5060 to just your local network and your ITSP if all of your calls come from known networks.

… but not configured.

wiki: https://wiki.freepbx.org/display/FPG/Firewall
video: Open Source Pro Tips #2 - Firewall Basics

1 Like

The video helped tremendously! I configured it but was not configured correctly!

1 Like

I got it configured correctly. I added known IP addresses in the trusted zone but because we have users that work remotely, I have to enable the responsive firewall. But when I disable the responsive firewall, I do not see the failed authentications at all. I like how you explained everything really well in the video!

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.