Hi all - my Kamailio - 4.1.6 is receiving this particular structured INVITE from multiple IPs, and for some reason it is not requesting authentication. I have AUTH & IPAUTH modules in use for two years now, but this is bypassing that and actually forwarding the INVITE to Asterisk servers behind Kamailio.
I notice from the INVITE that the contact (c=IN IP4 10.10.10.10) is unusual and in the private range. Is this what is bypassing authentication?
Any pointers on how to stop this? This is flooding my boxes!
==========================================
2016/09/16 06:45:16.824768 83.48.28.27:63029 -> MYPUBLICIP:5060
INVITE sip:9441134018000@MYPUBLICIPSIP/2.0
Via: SIP/2.0/UDP 83.48.28.27:5060;branch=z9hG4bK898408493
Max-Forwards: 70
From: "442030930112" sip:442030930112@83.48.28.27;tag=5044916148
To: sip:9441134018000@MYPUBLICIP
Contact: sip:442030930112@83.48.28.27
Call-ID: 9xCjfQkrmDwT7D6AqM0BTYAgmWjG84nq
CSeq: 102 INVITE
User-Agent: SIP Call
Date: Fri, 16 Sep 2016 05:45:48 +0000
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, INFO, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 308

v=0
o=442030930112 8982 1536 IN IP4 10.10.10.10
s=SIP
c=IN IP4 10.10.10.10
t=0 0
m=audio 14806 RTP/AVP 0 3 8 4 18 101
a=rtpmap:0 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:8 PCMU/8000
a=rtpmap:4 G723/8000
a=rtpmap:18 G729/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv
==========================================
Regards
Eric
On Fri, Sep 16, 2016 at 07:54:20AM +0100, Eric Koome wrote:
> Hi all - my Kamailio - 4.1.6 is receiving this particular structured INVITE from multiple IPs, and for some reason it is not requesting authentication. I have AUTH & IPAUTH modules in use for two years now, but this is bypassing that and actually forwarding the INVITE to Asterisk servers behind Kamailio.
> I notice from the INVITE that the contact (c=IN IP4 10.10.10.10) is unusual and in the private range. Is this what is bypassing authentication?

Depends on what you are doing to authenticate, but normally you wouldn't use SDP body stuff for authentication. So it's unlikely.

> Any pointers on how to stop this? This is flooding my boxes!

Take a look at pike http://kamailio.org/docs/modules/stable/modules/pike.html or maybe (never used it so far) pipelimit http://kamailio.org/docs/modules/stable/modules/pipelimit.html
BTW, for me all INVITEs for numbers starting with 9 indicate toll fraud. You might want to set up a honeypot and create a blocklist of IPs.
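
Added example, not part of either poster's message: one way to turn the reply's "numbers starting with 9" heuristic into a blocklist, by scanning one-line capture records laid out like the one quoted above. The sample records are constructed (documentation-range addresses), and the function names, the prefix default and the `min_hits` threshold are assumptions made for this sketch.

```python
import re
from collections import Counter

# Constructed sample records: "<date> <time> <src>:<port> -> <dst>:<port> <SIP request line> ..."
# The last record has lost the space before "SIP/2.0"; the parser tolerates that.
SAMPLE_CAPTURE = """\
2016/09/16 06:45:16.824768 198.51.100.7:63029 -> MYPUBLICIP:5060 INVITE sip:9441134018000@MYPUBLICIP SIP/2.0 Via: SIP/2.0/UDP 198.51.100.7:5060
2016/09/16 06:45:17.101200 198.51.100.7:63029 -> MYPUBLICIP:5060 INVITE sip:9001441134018000@MYPUBLICIP SIP/2.0 Via: SIP/2.0/UDP 198.51.100.7:5060
2016/09/16 06:45:18.000100 203.0.113.20:5060 -> MYPUBLICIP:5060 INVITE sip:442030930112@MYPUBLICIP SIP/2.0 Via: SIP/2.0/UDP 203.0.113.20:5060
2016/09/16 06:45:19.500000 192.0.2.55:5060 -> MYPUBLICIP:5060 REGISTER sip:MYPUBLICIP SIP/2.0 Via: SIP/2.0/UDP 192.0.2.55:5060
2016/09/16 06:45:20.250000 192.0.2.99:40112 -> MYPUBLICIP:5060 INVITE sip:9441134018000@MYPUBLICIPSIP/2.0 Via: SIP/2.0/UDP 192.0.2.99:5060
"""

# Source IP comes from the capture prefix (the packet's real origin),
# not from Via/Contact/SDP, which the sender controls.
RECORD = re.compile(
    r"^\S+ \S+ (?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+ -> \S+ "
    r"INVITE sips?:(?P<user>[^@\s;]+)@"
)


def suspicious_invites(capture, prefix="9"):
    """Count INVITEs per source IP whose request-URI user part starts with prefix."""
    hits = Counter()
    for line in capture.splitlines():
        m = RECORD.match(line)
        if m and m.group("user").startswith(prefix):
            hits[m.group("src")] += 1
    return hits


def blocklist(capture, prefix="9", min_hits=1):
    """Sorted list of source IPs with at least min_hits suspicious INVITEs."""
    hits = suspicious_invites(capture, prefix)
    return sorted(ip for ip, n in hits.items() if n >= min_hits)


if __name__ == "__main__":
    for ip in blocklist(SAMPLE_CAPTURE):
        print(ip)
```

Exclude trusted peers and any dial plan that legitimately starts with the chosen prefix before acting on the output.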