[asterisk-dev] Asterisk Network Security Idea (using tcp_wrappers)
Anthony Plack
tony at plack.net
Mon Mar 30 20:15:56 CDT 2009
>
> void ast_log_invalid(const char *module, const char *reason, const char *ipaddr, const char *for)
Forgive my ignorance, but I would like to know what constitutes an invalid?
I love the idea of finally using tcp_wrappers. I love the idea of Asterisk finally logging security issues. I love the discussion about using syslog features for Asterisk.
What I don't understand is how Asterisk, at a low level, is going to know if something is invalid? At what point do we get host.deny involved?
For example, if a valid client on a box were to start phreaking the extensions on the box, and I get a flood of 484's, do I then put a rule in place stating that any more than five 484's will block that IP address? What about valid mis-dials or clients set up with early dial features? Troubleshooting this spaghetti mess will be real fun.
Or are we just looking for the SIP/IAX authentication? Do we need additional modules in the system for this?
BTW, this makes every sense on the HTTP and Manager Apps.
If this were a vote, I would have to say that I would vote for Asterisk at least reporting EVERY transaction and allowing an external application to parse who is valid and who is not.
The current "check_auth: username mismatch" might flag the app, but in some installs, might not.
So when should Asterisk call the "ast_log_invalid" function over the "ast_log_event" function?
Just some thoughts on this awesome idea.
Best Regards,
Tony Plack
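
An added example, not part of the original message and not Asterisk code: one way the external parser suggested above could turn a full event stream into tcp_wrappers deny entries while sparing ordinary mis-dials and known early-dial clients. The event-line format, the event names `SIP_484` and `AUTH_FAIL`, the thresholds, the trusted list and the `asterisk` daemon name are all assumptions.

```python
from collections import defaultdict, deque

# Hypothetical policy: event -> (max events tolerated, window in seconds).
# "More than five 484s" is the figure floated in the message above.
POLICY = {"SIP_484": (5, 60), "AUTH_FAIL": (3, 60)}
TRUSTED = {"198.51.100.7"}  # known-good clients (e.g. early-dial phones)


def _burst(ip, event, start, count, step):
    """Build constructed event lines: '<epoch> <source-ip> <event>'."""
    return [f"{start + i * step} {ip} {event}" for i in range(count)]


# Constructed sample input; this is not a real Asterisk log format.
SAMPLE = sorted(
    _burst("192.0.2.10", "SIP_484", 1238462100, 6, 5)        # 6 in 25 s
    + _burst("203.0.113.9", "SIP_484", 1238462100, 6, 120)   # 6 over 10 min
    + _burst("198.51.100.7", "SIP_484", 1238462100, 8, 2)    # trusted phone
    + _burst("192.0.2.44", "AUTH_FAIL", 1238462130, 4, 10)   # 4 in 30 s
)


def offenders(lines, policy=POLICY, trusted=TRUSTED):
    """Return {ip: event} for sources exceeding a limit inside its window."""
    recent = defaultdict(deque)  # (ip, event) -> timestamps inside the window
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines rather than guess
        ts, ip, event = int(parts[0]), parts[1], parts[2]
        if event not in policy or ip in trusted or ip in flagged:
            continue
        limit, window = policy[event]
        q = recent[(ip, event)]
        q.append(ts)
        while q and q[0] <= ts - window:  # drop events older than the window
            q.popleft()
        if len(q) > limit:  # the event after the limit trips the rule
            flagged[ip] = event
    return flagged


def hosts_deny(flagged, daemon="asterisk"):
    """Render hosts.deny 'daemon: client' lines (daemon name is assumed)."""
    return [f"{daemon}: {ip}" for ip in sorted(flagged)]


if __name__ == "__main__":
    print("\n".join(hosts_deny(offenders(SAMPLE))))
```

Because the window slides per source and per event type, six 484s spread over ten minutes never accumulate, which is the mis-dial case the message worries about.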