[asterisk-bugs] [JIRA] (ASTERISK-26006) Show offending IP for wrong TLS usage in logs
Rusty Newton (JIRA)
noreply at issues.asterisk.org
Thu May 12 08:40:56 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-26006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rusty Newton updated ASTERISK-26006:
------------------------------------
Status: Open (was: Triage)
> Show offending IP for wrong TLS usage in logs
> ---------------------------------------------
>
> Key: ASTERISK-26006
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26006
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/TCP-TLS, Core/Logging
> Affects Versions: 13.8.2
> Environment: Arch Linux, KVM
> Reporter: Oleksandr Natalenko
> Severity: Minor
>
> Some tricky attackers could try to use Asterisk TLS port as HTTP/HTTPS proxy. Of course, that won't work for them, but the log is polluted with the following warnings and errors:
> {code}
> [May 10 14:21:21] ERROR[19119]: tcptls.c:609 handle_tcptls_connection: Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
> [May 10 14:21:21] WARNING[19119]: tcptls.c:684 handle_tcptls_connection: FILE * open failed!
> [May 10 14:21:21] ERROR[19141]: tcptls.c:609 handle_tcptls_connection: Problem setting up ssl connection: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
> [May 10 14:21:21] WARNING[19141]: tcptls.c:684 handle_tcptls_connection: FILE * open failed!
> {code}
> It would be nice to see offending IP here to feed the log to something like fail2ban to have attackers banned.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list