Sending fake auth rejection - from which IP?

handle_request_invite: Sending fake auth rejection for device 11sip:11@my.local.asteriskbox.ip;tag=0f6fa38d

That’s all well and good, but where are the attempts coming from? I would like to ban the IP address from which they came.

Right now, it says they are coming from the floating IP of the asterisk box it self. Like the old movie plot… the calls are coming from inside the house.

/var/log/asterisk/messages doesn’t reveal the point of origination.

update: I enabled security logging in logger.conf, so hopefully that will show something

Yes, the security log is the way to go. But if you want to see the IP apply the patch you can find it in the JIRA page.