[asterisk-bugs] [JIRA] (ASTERISK-26006) Show offending IP for wrong TLS usage in logs

Asterisk Team (JIRA) noreply at issues.asterisk.org
Tue May 10 06:24:56 CDT 2016 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-26006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=230526#comment-230526 ] 

Asterisk Team commented on ASTERISK-26006:
------------------------------------------

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

> Show offending IP for wrong TLS usage in logs
> ---------------------------------------------
>
>                 Key: ASTERISK-26006
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26006
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Core/Logging
>    Affects Versions: 13.8.2
>         Environment: Arch Linux, KVM
>            Reporter: Oleksandr Natalenko
>            Severity: Minor
>
> Some tricky attackers could try to use Asterisk TLS port as HTTP/HTTPS proxy. Of course, that won't work for them, but the log is polluted with the following warnings and errors:
> {code}
> [May 10 14:21:21] ERROR[19119]: tcptls.c:609 handle_tcptls_connection: Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
> [May 10 14:21:21] WARNING[19119]: tcptls.c:684 handle_tcptls_connection: FILE * open failed!
> [May 10 14:21:21] ERROR[19141]: tcptls.c:609 handle_tcptls_connection: Problem setting up ssl connection: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
> [May 10 14:21:21] WARNING[19141]: tcptls.c:684 handle_tcptls_connection: FILE * open failed!
> {code}
> It would be nice to see offending IP here to feed the log to something like fail2ban to have attackers banned.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list