Sending fake auth rejection - from which IP?

cuban_cigar · December 7, 2013, 12:26am

handle_request_invite: Sending fake auth rejection for device 11sip:11@my.local.asteriskbox.ip;tag=0f6fa38d

That’s all well and good, but where are the attempts coming from? I would like to ban the IP address from which they came.

Right now, it says they are coming from the floating IP of the asterisk box it self. Like the old movie plot… the calls are coming from inside the house.

/var/log/asterisk/messages doesn’t reveal the point of origination.

update: I enabled security logging in logger.conf, so hopefully that will show something

navaismo · December 7, 2013, 6:37am

Yes, the security log is the way to go. But if you want to see the IP apply the patch you can find it in the JIRA page.

Topic		Replies	Views
[MAJOR] Well-known critical issue in Asterisk security Asterisk Support	1	263	December 12, 2012
Server being attached Asterisk SIP	4	231	February 13, 2022
Attack to Asterisk 11.2.1 ,"Sending fake auth ..." BUG? Asterisk Support	8	337	February 28, 2013
Sending fake auth rejection for device Asterisk Support	2	936	March 27, 2013
Security - strange Asterisk behaviour Asterisk General	10	308	January 9, 2013

Sending fake auth rejection - from which IP?

Related topics