Failed To Authenticate Device Message
I am getting this message:
Failed to authenticate device
but it does not report the “connecting” address. Who is failing connecting ?
I either need to block someone or fix something – I’m thinking block – but I dont know who. How do I found out the connecting IP?
Jerry
5 thoughts on - Failed To Authenticate Device Message
Hi Jerry
Le 22/07/2020 à 14:54, Jerry Geis a écrit :
You should get it with recvip
exten = i,1,Verbose(Incoming ANONYMOUS SIP call from ${CALLERID(name)}
${CALLERID(num)} SRC IP ${CHANNEL(recvip)})
—
Daniel
—
Thanks – its not an incoming call – its just a log on the CLI
There is nothing before it and nothing after – no incoming call.
Jerry
Did you check your security log?
There is usually a wealth of info there about who, what, where when and why.
Andrew
I also checked /var/log/asterisk/messages and it just has the same line. Nothing additional.
Jerry
You didn’t post the Asterisk version, but if this is an OLD asterisk version then the source IP may be missing from messages/logs.
If you have low traffic in general then using something like Wireshark may help you examine any suspicious SIP packet on the PBX. For higher volumes it’s like drinking from a fire hydrant, so not suitable.
If this is a small PBX, have a look at the SecAst product (https://teium.io/secast). It’s free for small installations. It’s an Asterisk security product that monitors network traffic at a the adapter level so it can sniff the source. It also talks to Asterisk through the AMI so it can get more details of the connection/session that way. If this is for a larger PBX then you would have to move the discussion to the biz list for more info on SecAst. (Or email me off list)
From: asterisk-users [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Jerry Geis Sent: Wednesday, July 22, 2020 11:37 AM
To: Asterisk Users Mailing List – Non-Commercial Discussion
Subject: Re: [asterisk-users] Failed to authenticate device message
I also checked /var/log/asterisk/messages and it just has the same line. Nothing additional.
Jerry