[asterisk-biz] Bad routign or hack attempt ?
John Todd
jtodd at digium.com
Thu May 14 10:58:37 CDT 2009
On May 14, 2009, at 7:25 AM, Alex Balashov wrote:
> ContactTel Business wrote:
>
>> Here is the trace.. please DEVs... add a reporting option to sip
>> stack that
>> will report on that ip , or something..
>
> That's not really plausible.
Well, that's not entirely true.
There is an effort under way to create a separate logging channel for
security events, which each channel method could then populate with
incidents it feels are "bad" - this would obviously be channel-
dependent, but there are some common criteria for VoIP connection
issues that can be standardized. An external program would then have
to make sense of those events. At a minimum, a framework for
reporting illegitimate (and legitimate) authentication or
authorization attempts would allow forensics in a post-event situation
and/or permit external scripting to deflect some of the attack methods.
This was discussed to some degree on -dev, and extensively at the
Asterisk European Developers Meet-Up, though a summary proposal has
yet to be sent to -dev for discussion. If anyone is interested in
helping with the effort, I'd suggest keeping an eye on the -dev
mailing list for the write-up.
JT
----
John Todd email:jtodd at digium.com
Digium, Inc. | Asterisk Open Source Community Director
445 Jan Davis Drive NW - Huntsville AL 35806 - USA
direct: +1-256-428-6083 http://www.digium.com/
More information about the asterisk-biz
mailing list