[asterisk-bugs] [JIRA] (ASTERISK-26006) Show offending IP for wrong TLS usage in logs
Oleksandr Natalenko (JIRA)
noreply at issues.asterisk.org
Tue May 10 06:24:56 CDT 2016
Oleksandr Natalenko created ASTERISK-26006:
----------------------------------------------
Summary: Show offending IP for wrong TLS usage in logs
Key: ASTERISK-26006
URL: https://issues.asterisk.org/jira/browse/ASTERISK-26006
Project: Asterisk
Issue Type: Improvement
Security Level: None
Components: Core/Logging
Affects Versions: 13.8.2
Environment: Arch Linux, KVM
Reporter: Oleksandr Natalenko
Severity: Minor
Some tricky attackers could try to use Asterisk TLS port as HTTP/HTTPS proxy. Of course, that won't work for them, but the log is polluted with the following warnings and errors:
{code}
[May 10 14:21:21] ERROR[19119]: tcptls.c:609 handle_tcptls_connection: Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[May 10 14:21:21] WARNING[19119]: tcptls.c:684 handle_tcptls_connection: FILE * open failed!
[May 10 14:21:21] ERROR[19141]: tcptls.c:609 handle_tcptls_connection: Problem setting up ssl connection: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
[May 10 14:21:21] WARNING[19141]: tcptls.c:684 handle_tcptls_connection: FILE * open failed!
{code}
It would be nice to see offending IP here to feed the log to something like fail2ban to have attackers banned.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list