I have an Asterisk 11.2.1 to learn it and test what’s going on with AST 11. I have 2 trunks and 1 provider to test; I bought it.
Asterisk had 2 easy peers like 101 and 10 number password. Only UDP and port 5060 is opened, and it has fail2ban and it is realtime Asterisk.
Last weekend a hacker attacked my server. He sent my server to
[2013-02-24 08:58:49] NOTICE[C-0000003f] chan_sip.c: Sending fake auth rejection for device 510<sip:510@my-serverip>;tag=ccc4762a
[2013-02-24 08:58:49] NOTICE[C-0000003f] chan_sip.c: Sending fake auth rejection for device 520<sip:520@my-serverip>;tag=ccc4762a
[2013-02-24 08:58:49] NOTICE[C-0000003f] chan_sip.c: Sending fake auth rejection for device 530<sip:530@my-serverip>;tag=ccc4762a
It is trying all peers, but my fail2ban couldn’t ban the hacker because it cannot pick up his IP but picks the server IP!
I can’t see 101 in the logs and can’t see any registration, nothing about 101! But he managed to connect to 101 and called international numbers.
And after I realized all this, I closed my server.
The real problem is: why doesn’t Asterisk write the hacker’s IP in the “Sending fake auth …” message to prevent attackers?
Is it a bug in Asterisk 11.2.X?
I configured my sip.conf and other stuff following the 7 steps of Digium SIP security.
And yes, “there isn’t a default context”.
After that I tried some tests on my Asterisk and I saw this: after sending a “Subscribe packet”, if there is a peer/friend as it, my Asterisk sends “Register packet” and “401 unauthorized packet”.
So it is easy to understand that there is a peer as it.
And the big question is: why can’t I see any log, why don’t I have any “-wrong number-”!
How to call without registration on my server!
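Added example, not part of the original post: a Python sketch that parses the "Sending fake auth rejection" lines shown above and flags an extension scan from the log alone, by counting distinct device numbers probed under one SIP tag, since the only address in these lines is the host of the SIP URI. The sample log is constructed from the post's format with `my-serverip` replaced by the documentation address 192.0.2.10; the function names, the 101 line, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the post's log format (192.0.2.10 stands in for the server IP).
SAMPLE_LOG = """\
[2013-02-24 08:58:49] NOTICE[C-0000003f] chan_sip.c: Sending fake auth rejection for device 510<sip:510@192.0.2.10>;tag=ccc4762a
[2013-02-24 08:58:49] NOTICE[C-0000003f] chan_sip.c: Sending fake auth rejection for device 520<sip:520@192.0.2.10>;tag=ccc4762a
[2013-02-24 08:58:49] NOTICE[C-0000003f] chan_sip.c: Sending fake auth rejection for device 530<sip:530@192.0.2.10>;tag=ccc4762a
[2013-02-24 09:30:00] NOTICE[C-00000040] chan_sip.c: Sending fake auth rejection for device 101<sip:101@192.0.2.10>;tag=aa11bb22
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[(?P<thread>[^\]]+)\] chan_sip\.c: "
    r"Sending fake auth rejection for device "
    r"(?P<device>[^<]*)<sip:(?P<user>[^@>]+)@(?P<host>[^>;]+)>"
    r"(?:;tag=(?P<tag>\S+))?")

def parse(log_text):
    """Return one dict per 'fake auth rejection' line; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
            events.append(ev)
    return events

def enumeration_bursts(events, min_devices=3, window=timedelta(seconds=60)):
    """Map each tag to the devices it probed when at least min_devices
    distinct device numbers appear inside one time window."""
    by_tag = defaultdict(list)
    for ev in events:
        by_tag[ev["tag"]].append(ev)
    bursts = {}
    for tag, evs in by_tag.items():
        evs.sort(key=lambda e: e["ts"])
        for first in evs:
            seen = {e["user"] for e in evs
                    if first["ts"] <= e["ts"] <= first["ts"] + window}
            if len(seen) >= min_devices:
                bursts[tag] = sorted(seen)
                break
    return bursts

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("hosts an IP-matching filter would capture:", {e["host"] for e in evs})
    print("enumeration bursts:", enumeration_bursts(evs))
```

This only detects the scan; a ban still needs the packet's source address from a log or capture that records it.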