5 thoughts on - Failed To Authenticate Device Message

• Hi Jerry

  Le 22/07/2020 à 14:54, Jerry Geis a écrit :

  You should get it with recvip

  exten = i,1,Verbose(Incoming ANONYMOUS SIP call from ${CALLERID(name)}
  ${CALLERID(num)} SRC IP ${CHANNEL(recvip)})

  —
  Daniel

  —

• Thanks – its not an incoming call – its just a log on the CLI
  There is nothing before it and nothing after – no incoming call.

  Jerry

• Did you check your security log?

  There is usually a wealth of info there about who, what, where when and why.

  Andrew

• I also checked /var/log/asterisk/messages and it just has the same line. Nothing additional.

  Jerry

• You didn’t post the Asterisk version, but if this is an OLD asterisk version then the source IP may be missing from messages/logs.

  If you have low traffic in general then using something like Wireshark may help you examine any suspicious SIP packet on the PBX. For higher volumes it’s like drinking from a fire hydrant, so not suitable.

  If this is a small PBX, have a look at the SecAst product (https://teium.io/secast). It’s free for small installations. It’s an Asterisk security product that monitors network traffic at a the adapter level so it can sniff the source. It also talks to Asterisk through the AMI so it can get more details of the connection/session that way. If this is for a larger PBX then you would have to move the discussion to the biz list for more info on SecAst. (Or email me off list)

  From: asterisk-users [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Jerry Geis Sent: Wednesday, July 22, 2020 11:37 AM
  To: Asterisk Users Mailing List – Non-Commercial Discussion
  Subject: Re: [asterisk-users] Failed to authenticate device message

  I also checked /var/log/asterisk/messages and it just has the same line. Nothing additional.

  Jerry