[asterisk-dev] [Code Review]: Generate security events in chan_sip using new Security Events Framework

Mike Myhre digium at aeisecure.com
Fri Aug 12 18:28:35 CDT 2011


> Absolutely correct; the security events framework is just a mechanism 
> for reporting potentially interesting/valuable pieces of information. 
> Interpretation of them falls outside its scope entirely. With that 
> said, though, if there are pieces of information that cannot be 
> determined after the fact (because they are temporary), it would be 
> useful for them to be included in the event... because the event 
> generator, by definition, cannot know for sure which pieces of 
> information will be 'interesting' to the analyzer.

Yes.

    We would have to somehow store the previous guess, so that we could
    compare the new guess and determine if they are the same. Is that
    being done anywhere? Any quick suggestions?

So include the nonce or encrypted password with the event so the watcher 
can look for changes.
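
One way a watcher could act on such events, as an added example that is not part of the original message and is not Asterisk code. It assumes each failed-authentication event carries the account, remote address, nonce and digest response (hypothetical field names, constructed sample data), and digest authentication without qop for the same method and URI, so that under one nonce an unchanged response means an unchanged guess.

```python
from collections import defaultdict

# Constructed sample events; the field names are hypothetical, not Asterisk's.
EVENTS = [
    {"account": "1001", "remote": "198.51.100.7", "nonce": "n1", "response": "aa11"},
    {"account": "1001", "remote": "198.51.100.7", "nonce": "n1", "response": "aa11"},
    {"account": "1001", "remote": "198.51.100.7", "nonce": "n1", "response": "bb22"},
    {"account": "1001", "remote": "198.51.100.7", "nonce": "n2", "response": "cc33"},
    {"account": "1002", "remote": "203.0.113.9", "nonce": "n3", "response": "dd44"},
    {"account": "1002", "remote": "203.0.113.9", "nonce": "n3", "response": "dd44"},
]


def classify(events):
    """Label each failed-auth event relative to earlier ones from the same source.

    repeat    - same nonce, same response: the same guess sent again
    new_guess - same nonce, different response: the credentials changed
    unknown   - first response under this nonce: nothing to compare against,
                because a digest response is computed over the nonce
    """
    seen = defaultdict(set)  # (account, remote, nonce) -> responses seen so far
    labels = []
    for ev in events:
        key = (ev["account"], ev["remote"], ev["nonce"])
        if ev["response"] in seen[key]:
            labels.append("repeat")
        elif seen[key]:
            labels.append("new_guess")
        else:
            labels.append("unknown")
        seen[key].add(ev["response"])
    return labels


def changed_guess_counts(events):
    """Count new_guess events per (account, remote) for the analyzer to threshold."""
    counts = defaultdict(int)
    for ev, label in zip(events, classify(events)):
        if label == "new_guess":
            counts[(ev["account"], ev["remote"])] += 1
    return dict(counts)


if __name__ == "__main__":
    print(classify(EVENTS))
    print(changed_guess_counts(EVENTS))
```

The "unknown" label is the case where only the response was reported or the nonce changed between attempts: without a shared nonce the watcher cannot tell a repeated guess from a new one.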

