No subject

{quote}
The SIP method OPTIONS allows a UA to query another UA or a proxy server as to its capabilities. This allows a client to discover information about the supported methods, content types, extensions, codecs, etc. without "ringing" the other party.

For example, before a client inserts a Require header field into an INVITE listing an option that it is not certain the destination UAS supports, the client can query the destination UAS with an OPTIONS to see if this option is returned in a Supported header field.
{quote}

Since INVITES are what creates a call, OPTIONS is probably not as big of a concern.  So, it was not added at the time.  In order to get the reporting of OPTIONS added, it would require adding the appropriate code to Asterisk and that would not show up until Asterisk 12 since that would be considered a new feature.  But, you are always free to add it yourself and even contribute the code if so desired.  Otherwise, we have to wait for someone to be able to contribute the additional code or see if someone like myself gets the time to add it.

More than likely, someone is scanning for an open PBX that would allow phone calls and since your box has the appropriate security settings in place, they are probably moving on.  According to the pcap, correct me if I am wrong, you are not getting hammered or anything from this scan.

      was (Author: elguero):
    First of all, Asterisk does not decide what is an attack and what is not.  The only thing it does is report events that might be of interest in a way that a tool, module, script, human being, etc. can parse the log and make a decision on what it wants to do with that information.

As of right now, only INVITE and REGISTER methods are being reported because that is all the initial implementation of security events in chan_sip was programmed for.  INVITE and REGISTER methods are, say, probably more of interest versus OPTIONS (not to say that it shouldn't be reported).