[MAJOR] Well-known critical issue in Asterisk security


Many of us know that, at least in Asterisk 1.8 and 1.6, you can’t always see who is trying to hack your PBX.

I constantly receive such messages in my logs and the only thing I see is my IP address. I don’t see the attacker’s IP address and I can’t do anything to block him:

NOTICE[15541] chan_sip.c: Sending fake auth rejection for device 1111asip:1111a@XXX.XXX.XXX.XXX;tag=2d291325

What should I do, how can I prevent such attacks? Should I think of switching to Asterisk 10 or does it have this problem too?

This problem has been discussed so many times, and I have read many topics here without any suggested solution. I can’t imagine that such a problem can be ignored for so long; this is CRITICAL.


This is a peer support forum; there is no requirement for Digium or developers to monitor it. If you want changes in the Asterisk code (and the change in question would change an interface, so will not go in until version 12), you need to raise it on the developer mailing list. You cannot raise it on the bug tracker, as it is intended behaviour, and you are not submitting a patch.

In terms of the bug tracker severity levels, it is probably somewhere between minor and major and probably closer to minor. Most people who care already know which countries attacks come from, and have no need to have their firewalls open to them - most people only need to open port 5060 to their ITSP, LAN and VPNs.
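
The firewall approach from the reply above, as an added example that is not part of either post: a shell function that emits an iptables-restore fragment allowing port 5060 only from listed sources and logging the rest, so the kernel log records the source address (SRC=) that the chan_sip notice omits. It assumes Linux with iptables; the chain name SIP_ALLOW and all addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: limit SIP signalling (port 5060, UDP and TCP) to allowlisted
# sources and log/drop everything else. SIP_ALLOW is a hypothetical chain name.
SIP_PORT=5060

# Accept only dotted-quad IPv4 with an optional /0-32 prefix length.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr                 # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: sip_rules CIDR [CIDR...]
# Prints the rules on stdout; prints nothing and returns 1 on bad input.
sip_rules() {
    [ "$#" -gt 0 ] || { echo "sip_rules: no sources given" >&2; return 1; }
    for src in "$@"; do
        valid_cidr "$src" || { echo "sip_rules: bad source '$src'" >&2; return 1; }
    done
    echo '*filter'
    echo ':SIP_ALLOW - [0:0]'
    for proto in udp tcp; do
        echo "-A INPUT -p $proto --dport $SIP_PORT -j SIP_ALLOW"
    done
    for src in "$@"; do
        echo "-A SIP_ALLOW -s $src -j ACCEPT"
    done
    # Rate-limited LOG: each logged drop carries the sender's address as SRC=.
    echo '-A SIP_ALLOW -m limit --limit 6/min -j LOG --log-prefix "SIP-DROP "'
    echo '-A SIP_ALLOW -j DROP'
    echo 'COMMIT'
}

# Constructed sample: one ITSP host, one VPN range, one LAN range.
sip_rules 192.0.2.10 198.51.100.0/24 10.0.0.0/8
```

Review the output before loading it with iptables-restore; where the jump rules sit relative to existing INPUT rules decides whether they take effect.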