[asterisk-bugs] [JIRA] Created: (ASTERISK-20506) chan_sip not reporting attacker IP

MBH (JIRA) noreply at issues.asterisk.org
Wed Oct 3 06:35:27 CDT 2012


chan_sip not reporting attacker IP
----------------------------------

                 Key: ASTERISK-20506
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20506
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Channels/chan_sip/General
    Affects Versions: 1.8.15.1
         Environment: CentOS release 5.8 (Final), Kernel 2.6.18-308.8.2.el5.028stab101.1, 32-bit, running on an OpenVZ VPS.
            Reporter: MBH


My Asterisk box is being brute forced and I'm getting messages in the logs referencing my box's IP instead of the attacker's:

[2012-10-03 03:49:45] NOTICE[28161]: chan_sip.c:22723 handle_request_invite: Sending fake auth rejection for device 5550000<sip:5550000 at AsteriskIP>;tag=396cbe1b

The notice message is not logging the attacker IP at all, thus the attacker cannot be blocked using fail2ban.

The same is mentioned here: http://lists.digium.com/pipermail/asterisk-users/2011-March/260377.html and here http://forums.digium.com/viewtopic.php?t=78988

I'm using type=peer, alwaysauthreject=yes, allowguest=no

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
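
Added example (not part of the original report, and not Asterisk or fail2ban code): a Python triage of constructed chan_sip notices showing why the "fake auth rejection" message gives fail2ban nothing usable to ban. The simplified <HOST> stand-in, the patterns, the sample log lines and the documentation-range addresses are assumptions made for this illustration.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"NOTICE\[\d+\]: chan_sip\.c:\d+ \w+: "

# Hypothetical patterns written for this example, in failregex style.
PATTERNS = [
    ("registration", PREFIX + r"Registration from '.*' failed for '<HOST>(?::\d+)?' - "),
    # Naive attempt: take whatever address appears in the SIP URI.
    ("fake_auth", PREFIX + r"Sending fake auth rejection for device .*@<HOST>>"),
    # Fallback: the notice carries no address at all.
    ("fake_auth", PREFIX + r"Sending fake auth rejection for device "),
]
COMPILED = [(name, re.compile(p.replace("<HOST>", HOST))) for name, p in PATTERNS]

# Constructed sample lines; 192.0.2.10 plays the Asterisk server's own address.
OWN_ADDRESSES = {"192.0.2.10"}
SAMPLE_LOG = [
    "[2012-10-03 03:49:45] NOTICE[28161]: chan_sip.c:22723 handle_request_invite: "
    "Sending fake auth rejection for device 5550000<sip:5550000@192.0.2.10>;tag=396cbe1b",
    "[2012-10-03 03:50:02] NOTICE[28161]: chan_sip.c:21000 handle_request_register: "
    "Registration from '\"100\" <sip:100@192.0.2.10>' failed for '198.51.100.23:5060' - Wrong password",
    "[2012-10-03 03:50:09] NOTICE[28161]: chan_sip.c:22723 handle_request_invite: "
    "Sending fake auth rejection for device 5550000<sip:5550000@pbx.example.test>;tag=41aa02c7",
]

def triage(lines, own_addresses):
    """Split attack notices into bannable source IPs and blind spots."""
    bannable, blind = [], []
    for line in lines:
        for name, rx in COMPILED:
            m = rx.search(line)
            if not m:
                continue
            host = m.groupdict().get("host")
            if host and host not in own_addresses:
                bannable.append((name, host))
            else:
                # No address in the line, or only the server's own address:
                # banning on it would block the PBX itself, not the sender.
                blind.append((name, host))
            break
    return bannable, blind

if __name__ == "__main__":
    ok, gaps = triage(SAMPLE_LOG, OWN_ADDRESSES)
    print("bannable:", ok)
    print("no usable source address:", gaps)
```

Any address captured from the fake auth notice comes from the SIP URI in the request, which names the server, so such a pattern is only safe alongside fail2ban's ignoreip covering the server's own addresses.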
