[asterisk-bugs] [JIRA] Commented: (ASTERISK-20506) With alwaysauthreject=yes AND allowguest=no Asterisk fails to report Attacker's IP Address

[Michael L. Young (JIRA)]

    [ https://issues.asterisk.org/jira/browse/ASTERISK-20506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=198169#comment-198169 ] 

Michael L. Young commented on ASTERISK-20506:
---------------------------------------------

Well, the point of sip set debug on was to see the sip messages from the console and see what was coming in and out from your pbx.  The reason for my asking if it was INVITE or REGISTER is that sip only reports security events for those two methods.

> With alwaysauthreject=yes AND allowguest=no Asterisk fails to report Attacker's IP Address
> ------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-20506
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20506
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: 1.8.15.1
>         Environment: CentOS release 5.8 (Final), Kernel 2.6.18-308.8.2.el5.028stab101.1, 32-bit, running on an OpenVZ VPS.
>            Reporter: MBH
>
> My Asterisk box is being brute forced and I'm getting messages in the logs referencing my box's IP instead of the attacker's:
> [2012-10-03 03:49:45] NOTICE[28161]: chan_sip.c:22723 handle_request_invite: Sending fake auth rejection for device 5550000<sip:5550000 at AsteriskIP>;tag=396cbe1b
> The notice message is not logging the attacker IP at all, thus cannot be blocked using fail2ban.
> The same is mentioned here: http://lists.digium.com/pipermail/asterisk-users/2011-March/260377.html and here http://forums.digium.com/viewtopic.php?t=78988
> I'm using type=peer, alwaysauthreject=yes, allowguest=no

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira