[asterisk-bugs] [JIRA] (ASTERISK-19348) With alwaysauthreject=yes AND allowguest=no Asterisk fails to report a SIP Security Event

Wed Apr 24 11:15:38 CDT 2013

    [ https://issues.asterisk.org/jira/browse/ASTERISK-19348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=205754#comment-205754 ] 

Vladimir Mikhelson edited comment on ASTERISK-19348 at 4/24/13 11:15 AM:
-------------------------------------------------------------------------

Michael L. Young,

I am on the list, I did read the WiKi.

Sorry, I did not know the code was attempted to be submitted with no appropriate license. That explains why it was not attached to the case.  It probably still could have been left in-line as a comment in order to help others like myself.

I still strongly recommend to reconsider the one-year-old decision to ignore the case.  What happens here is a serious security bug / lack of design being ignored.

Thank you,
Vladimir

      was (Author: vmikhelson):
    Michael L. Young,

I am on the list, I did read the WiKi.

Sorry, I did not know that the code was attempted to be submitted with no appropriate license. That explains why it was not attached to the case.  It probably still could have been left in-line as a comment in order to help others like myself.

I still strongly recommend to reconsider the one-year-old decision to ignore the case.  What happens here is a serious security bug / lack of design being ignored.

Thank you,
Vladimir

> With alwaysauthreject=yes AND allowguest=no Asterisk fails to report a SIP Security Event
> -----------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-19348
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-19348
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: 1.8.9.2, 10.1.2
>            Reporter: Bruce B
>         Attachments: asterisk-19348-auth_fake-sec-event_v1.patch, asterisk-19348-auth_fake-sip-log-event_v1.patch
>
>
> Asterisk should log source IP address of incoming calls when allowguest=no AND alwaysauthreject=yes but it doesn't. It seems to be a deficiency of allowguest feature. The only log found when there is an incoming call is this which doesn't include source IP address:
> NOTICE[10331] chan_sip.c: Sending fake auth rejection for device "Anonymous" <sip:Anonymous at anonymous.invalid>;tag=as4a1b8317
> ***WARNING: source IP address in this MUST be pulled from OS network layer rather than relying on SIP Packets as spoofed source IP is not really the source IP. Better yet maybe include both spoofed source IP and true source IP in a message like this:
> chan_sip.c: NOTICE[xxxxx]: Call attempt was made from SPOOFED SOURCE IP: x.x.x.x with TRUE SOURCE IP: x.x.x.x
> ***It's best to create this log in full log file as well.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira