[asterisk-bugs] [JIRA] (ASTERISK-27472) 401 Unauthorized from INVITE not generating security event
Michelle Dupuis (JIRA)
noreply at issues.asterisk.org
Sat Dec 23 10:10:42 CST 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-27472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michelle Dupuis updated ASTERISK-27472:
---------------------------------------
Status: Waiting for Feedback (was: Waiting for Feedback)
I see this in the CLI:
chan_sip.c: No matching peer for '‘hi'or‘x’='x';' from '185.107.94.10:37331'
Which suggests there was a failure - but no security event is raised. I'm not sure if your last comment was for me, but I'm sure not qualified to program this kind of thing :)
> 401 Unauthorized from INVITE not generating security event
> ----------------------------------------------------------
>
> Key: ASTERISK-27472
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27472
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/General, Channels/chan_sip/Security Framework
> Affects Versions: 13.7.2
> Environment: CentOS 7
> Reporter: Michelle Dupuis
> Assignee: Michelle Dupuis
> Severity: Minor
>
> Using 'set sip debug on' I can watch the SIP traffic to/from the PBX. I also have another monitor open showing security events from the AMI. I can confirm that failed registration attempts correctly raising security events, but one type of failed SIP transaction is showing 401 Unauthorized in the CLI, but NO security event in the AMI. See Notes below for an example SIP trace that is NOT raising a security event.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list