[asterisk-bugs] [JIRA] (ASTERISK-25869) chan_sip: "rejected because extension not found" should be logged as a security event
Friendly Automation (JIRA)
noreply at issues.asterisk.org
Mon Dec 18 09:18:07 CST 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-25869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=240717#comment-240717 ]
Friendly Automation commented on ASTERISK-25869:
------------------------------------------------
Change 7590 merged by Jenkins2:
chan_sip: Add security event for calls to invalid extension.
[https://gerrit.asterisk.org/7590|https://gerrit.asterisk.org/7590]
> chan_sip: "rejected because extension not found" should be logged as a security event
> -------------------------------------------------------------------------------------
>
> Key: ASTERISK-25869
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25869
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/Security Framework
> Affects Versions: 13.7.1
> Reporter: Brian J. Murrell
> Assignee: Corey Farrell
> Attachments: ASTERISK-25869.patch
>
>
> Events such as:
> {noformat}
> chan_sip.c:25697 handle_request_invite: Call from '' (159.122.92.46:5076) to extension '900972598081022' rejected because extension not found in context 'inbound-anon-sip'.
> {noformat}
> should be logged as a security issue in the security log as it is very indicative of a cracker trying to use an unsecured Asterisk server and such crackers should be logged.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list