[CM102001] Auth Failed for SipReq

Discussion in 'Windows' started by its2, Oct 10, 2012.

Thread Status:
Not open for further replies.
  1. its2

    Joined:
    May 8, 2009
    Messages:
    5
    Likes Received:
    0
    Good morning all;

    I'm hoping someone might be able to confirm my suspicions.

    In the Server Activity Log i have:
    "Authentication failed for SipReq: REGISTER 81.23.XXX.XXX tid=917d3a45e8403958 cseq=REGISTER contact=123@1.1.1.1 / 2 from(wire); Reason: Credentials don’t match, check that authorization-ID and password match the ones in extension settings"

    Note that REGISTER 81.23.XXX.XXX is my WAN IP address
    Im not sure what contact=123@1.1.1.1 is, but im assuming its suppose to be an extension number which doesnt exist.

    Then if i go to the Server Event Log, there is an IP address being blocked:
    The IP 146.185.26.61 has been blacklisted for 1800 sec. Reason: Too many failed authentications!

    Should i make the assumption that this rogue IP address that is black listed is trying to gain access to the phone system to make calls? I thought id taken steps to block the IP on my firewall (physical). but it still seems to be getting through, maybe i need to look here again

    We don't use the 5090 port for remote handsets
    The Fax service is disabled as recommended
    Phone system we use is Version 10.0

    Thanks in advance
     
  2. mixig

    mixig Active Member

    Joined:
    Dec 13, 2011
    Messages:
    523
    Likes Received:
    12
    Hi,

    you have sip port (5060) open in your router/firewall?

    This is 3cx bulit-in mechanism to prevent illegal users to connect to your server which can be adjust: Settings-Security-Anti Hacking
     
  3. its2

    Joined:
    May 8, 2009
    Messages:
    5
    Likes Received:
    0
    Hi mixg

    Yes, 5060 is open.. My SIP trunks are all working as expecting.

    I will take a look in these settings to see if i can get the IP blocked permanently. Ive taken a look over my firewall but i cant see much wrong with the config. i must be going wrong somewhere
     
  4. mixig

    mixig Active Member

    Joined:
    Dec 13, 2011
    Messages:
    523
    Likes Received:
    12
    In our firewalls we create rule which allow sip (5060) only when it comes from source address from voip provider, any other source address with destination port 5060 is blocked. Not all routers has that possibility (many of them can match just by port number)
     
  5. its2

    Joined:
    May 8, 2009
    Messages:
    5
    Likes Received:
    0
    Ahh thats a good idea.. thanks for that.

    I'll give it a go
     
Thread Status:
Not open for further replies.