No Matching Peers Message Has Gone (1.8.23.1)

Home » Asterisk Users » No Matching Peers Message Has Gone (1.8.23.1)
Asterisk Users 4 Comments

Hi

Ever since we upgraded our asterisk servers to 1.8.23.1, we no longer get the ‘no matching peer’ error when we get a dictionary SIP attack.

Now the logs always show a ‘wrong password’ when there actually isn’t a matching peer.

We even have alwaysauthreject = yes in our sip.conf.

Has anyone else noticed this phenomenon?

Thanks in Advance

Ish

4 thoughts on - No Matching Peers Message Has Gone (1.8.23.1)

  • Ishfaq Malik wrote:

    This is on purpose. To fix some exposure issues the code was changed to have an internal peer (albeit one that can never successfully be authenticated against) that gets used if no real peer is found. This reduces the chance (by a lot) of the code exposing information in some off nominal cases.

  • Hi Ish,

    I assume you are using Fail2Ban to monitor the logs for dictionary attacks – If so, the following regex should work for 1.8:

    Registration from ‘.*’ failed for ‘(:[0-9]{1,5})?’ – Wrong password Registration from ‘.*’ failed for ‘(:[0-9]{1,5})?’ – No matching peer found Registration from ‘.*’ failed for ‘(:[0-9]{1,5})?’ – Username/auth name mismatch Registration from ‘.*’ failed for ‘(:[0-9]{1,5})?’ – Device does not match ACL
    Registration from ‘.*’ failed for ‘
    (:[0-9]{1,5})?’ – Peer is not supposed to register


    Regards, AJ Stanfield

    t: 0161-850-4001
    e: aj@dmcip.com w: http://www.dmcip.com

    —– Original Message —

  • Hi Arthur

    It was a fail2ban based query and fail2ban is still working fine.

    I was just trying to find out if the change was intentional or not.

    Regards

    Ish