Solved Constant Invalid Authentication Attempts

Discussion in '3CX Phone System - General' started by Colddevil, Oct 10, 2017.

Thread Status:
Not open for further replies.
  1. Colddevil

    Joined:
    Jun 14, 2016
    Messages:
    13
    Likes Received:
    0
    Can anybody tell me what I am dealing with here? 16 seat Pro v14 (will be upgrading to v15 shortly).

    These authentication attempts are happening at least once a minute. I am unaware of what the "User-Agent: Ozeki VoIP SIP SDK v11.1.2" in addition to what the "To: 8060" and "From: 8060" are. Each attempt has a different 4-digit Contact trying to authenticate.

    There's no indication of what the external IP of this user-agent is. I've replaced my external and internal IP's in the code below that was taken from the Troubleshooting Activity Log. I assume this is an outside system trying to authenticate to mine, but I'm unsure on how to properly block it.

    Code:
    10-Oct-2017 09:22:21.235   [CM102001]: Authentication failed for AuthFail Recv Req REGISTER from MY_GATEWAY_IP:61710 tid=1b3a8e95-956f-420f-a389-646fb5cce621 Call-ID=syjtoakqqcrmdpcukeyfjvcoprnkunohmdwjvqrssrdpxpchvo:
    REGISTER sip:3CX_INTERNAL_IP:5060 SIP/2.0
    Via: SIP/2.0/UDP MY_GATEWAY_IP:6502;branch=z9hG4bK1b3a8e95-956f-420f-a389-646fb5cce621;rport=61710
    Max-Forwards: 70
    Contact: <sip:8060@MY_GATEWAY_IP:6502;rinstance=6ce0390b9542a34f>
    To: "8060"<sip:8060@3CX_INTERNAL_IP:5060>
    From: "8060"<sip:8060@3CX_INTERNAL_IP:5060>;tag=hlmumvvu
    Call-ID: syjtoakqqcrmdpcukeyfjvcoprnkunohmdwjvqrssrdpxpchvo
    CSeq: 2 REGISTER
    Expires: 3600
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, SUBSCRIBE, NOTIFY, REFER, INFO, MESSAGE
    Proxy-Authorization: Digest username="8060",realm="3CXPhoneSystem",nonce="414d535c0fed689d18:7ee14dec7c7e3552c89d6bb7d982dfe0",response="780205f41aff026434619c8a1c19bba9",uri="sip:MY_EXTERNAL_IP",algorithm=MD5
    Supported: 100rel
    User-Agent: Ozeki VoIP SIP SDK v11.1.2
    Content-Length: 0
     
  2. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,218
    Likes Received:
    89
    User-Agent: Ozeki VoIP SIP SDK v11.1.2 is a known hacking and scanning tool, I suggest to upgrade to v15 rather soon as in v15.5 we deal with this user agent by default.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Colddevil likes this.
  3. Colddevil

    Joined:
    Jun 14, 2016
    Messages:
    13
    Likes Received:
    0
    Oh, that's perfect. Thank you for the prompt response, StefanW. I will work on getting this taken care of.
     
Thread Status:
Not open for further replies.