[asterisk-dev] [Code Review] Generate security events in chan_sip using new Security Events Framework

Tilghman Lesher reviewboard at asterisk.org
Fri Aug 12 02:14:11 CDT 2011


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1362/#review4044
-----------------------------------------------------------



/branches/10/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1362/#comment7968>

    These functions should probably be prefixed with sip_ and added to the sip header file, so they can be called from the other sip code files.



/branches/10/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1362/#comment7963>

    It is helpful to know whether the invalid password is different from the previous invalid password from this peer (if possible).  You don't need to know what that previous guess was, as a security watcher can be expected to keep history.  This can be important, to distinguish a misconfigured phone with the wrong password (false positive) from a scan attack.



/branches/10/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1362/#comment7964>

    I don't know that this type of event has merit, as with SIP, you're going to have an event of this type with nearly every call.  When you're looking for a needle in a haystack, the last thing you want to do is add more hay.



/branches/10/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1362/#comment7966>

    This should probably be treated the same as an invalid password.



/branches/10/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1362/#comment7967>

    Similarly, another case for invalid password.  In a scan attack, any found peer will likely get this same event multiple times, indicating a real problem to the security event watcher.



/branches/10/configs/logger.conf.sample
<https://reviewboard.asterisk.org/r/1362/#comment7969>

    Could you explain this addition?  I don't see anything either in your patch or in trunk that uses this configuration line.


- Tilghman


On Aug. 12, 2011, 1:07 a.m., elguero wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1362/
> -----------------------------------------------------------
> 
> (Updated Aug. 12, 2011, 1:07 a.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> Security Events Framework was added in 1.8 and support was added for AMI to generate events at that time.
> 
> This patch attempts to add support in chan_sip to generate security events.  Hopefully we can get this into Asterisk 10.
> 
> I am looking forward to hearing feedback on where this patch can be improved especially from those who have an intimate knowledge of chan_sip.
> 
> Thanks
> 
> 
> This addresses bug 18264.
>     https://issues.asterisk.org/jira/browse/18264
> 
> 
> Diffs
> -----
> 
>   /branches/10/channels/chan_sip.c 331633 
>   /branches/10/configs/logger.conf.sample 331633 
>   /branches/10/CHANGES 331633 
> 
> Diff: https://reviewboard.asterisk.org/r/1362/diff
> 
> 
> Testing
> -------
> 
> Local dev machine and a softphone.  Generated events by using the wrong username, wrong password, wrong auth name, successful authentication.
> 
> 
> Thanks,
> 
> elguero
> 
>
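The distinction drawn in the review comment on invalid-password events (a phone retrying one stale password versus a scan trying many) can be sketched as a check on the watcher side. This is an added example, not part of the original e-mail, the patch, or Asterisk; the event dictionaries, the `changed` flag and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample events, not real Asterisk output. The field names are
# assumptions; "changed" stands for the flag proposed in the review: True when
# this wrong password differs from the previous wrong one for the same peer.
SAMPLE_EVENTS = (
    # Phone re-registering every 20 s with one stale password.
    [{"ts": t, "peer": "1001", "src": "192.0.2.10", "changed": False}
     for t in (0, 20, 40, 60, 80)]
    # Source trying a new password on every attempt.
    + [{"ts": t, "peer": "1002", "src": "198.51.100.7", "changed": t > 1}
       for t in (1, 2, 3, 4, 5)]
    # Single typo, never repeated.
    + [{"ts": 10, "peer": "1003", "src": "192.0.2.33", "changed": False}]
)

SEVERITY = {"ok": 0, "misconfigured": 1, "guessing": 2}


def classify(events, window=60, min_failures=3, min_changes=3):
    """Return the worst verdict seen per (peer, source address).

    Thresholds are illustrative assumptions: at least min_failures failures
    within `window` seconds raise a verdict; min_changes changed passwords
    among them turn "misconfigured" into "guessing".
    """
    recent = defaultdict(deque)   # (peer, src) -> failures inside the window
    verdicts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["peer"], ev["src"])
        verdicts.setdefault(key, "ok")
        failures = recent[key]
        failures.append((ev["ts"], ev["changed"]))
        while ev["ts"] - failures[0][0] > window:
            failures.popleft()
        if len(failures) < min_failures:
            continue
        changes = sum(1 for _, changed in failures if changed)
        verdict = "guessing" if changes >= min_changes else "misconfigured"
        if SEVERITY[verdict] > SEVERITY[verdicts[key]]:
            verdicts[key] = verdict
    return verdicts


if __name__ == "__main__":
    for (peer, src), verdict in sorted(classify(SAMPLE_EVENTS).items()):
        print(f"peer {peer} from {src}: {verdict}")
```
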
