[asterisk-dev] [Code Review]: Generate security events in chan_sip using new Security Events Framework

Mike Myhre digium at aeisecure.com
Fri Aug 12 17:38:56 CDT 2011


    It is helpful to know whether the invalid password is different from
    the previous invalid password from this peer (if possible). You
    don't need to know what that previous guess was, as a security
    watcher can be expected to keep history. This can be important, to
    distinguish a misconfigured phone with the wrong password (false
    positive) from a scan attack.

That sounds more like a firewall/brute force detector job than generating the security events. I am already checking for changing user names and have a structure to track that and assess points based on 'guesses' more than repeating the same thing like a phone would do. The security event structure I have seen so far doesn't analyze the events, it just generates them. It seems like that should continue to be the case to give more flexibility to other modules that wish to analyze the events.

	Mike
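
An added example, not part of the original message and not Asterisk code: a separate analyzer that consumes failed-authentication events and scores each source by new username guesses rather than repeats, the split between event generation and analysis described above. The event fields (`src`, `username`), the point weights and the threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical weights and threshold (assumptions, not from the thread).
NEW_GUESS_POINTS = 10  # username not seen before from this source
REPEAT_POINTS = 1      # same username retried, as a misconfigured phone does
FLAG_THRESHOLD = 30


class GuessScorer:
    """Scores failed-auth events per source; the event generator stays dumb."""

    def __init__(self, threshold=FLAG_THRESHOLD):
        self.threshold = threshold
        self.seen = defaultdict(set)   # src -> usernames already tried
        self.score = defaultdict(int)  # src -> accumulated points

    def feed(self, event):
        """Consume one event; return True once the source is at/over threshold."""
        src, user = event["src"], event["username"]
        if user in self.seen[src]:
            self.score[src] += REPEAT_POINTS
        else:
            self.seen[src].add(user)
            self.score[src] += NEW_GUESS_POINTS
        return self.score[src] >= self.threshold


def flagged_sources(events, threshold=FLAG_THRESHOLD):
    """Return sources that crossed the threshold, in order of first crossing."""
    scorer = GuessScorer(threshold)
    flagged = []
    for ev in events:
        if scorer.feed(ev) and ev["src"] not in flagged:
            flagged.append(ev["src"])
    return flagged


# Constructed sample events (documentation address ranges, made-up usernames).
SAMPLE_EVENTS = (
    # A phone retrying one wrong credential 12 times: 10 + 11*1 = 21 points.
    [{"src": "192.0.2.10", "username": "1001"} for _ in range(12)]
    # A source walking through usernames: 4 new guesses = 40 points.
    + [{"src": "198.51.100.7", "username": u}
       for u in ("100", "101", "102", "admin")]
)

if __name__ == "__main__":
    print(flagged_sources(SAMPLE_EVENTS))
```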

