[asterisk-dev] [Code Review]: Generate security events in chan_sip using new Security Events Framework

Kevin P. Fleming kpfleming at digium.com
Sat Aug 13 07:08:50 CDT 2011


On 08/12/2011 06:28 PM, Mike Myhre wrote:
>
>> Absolutely correct; the security events framework is just a mechanism
>> for reporting potentially interesting/valuable pieces of information.
>> Interpretation of them falls outside its scope entirely. With that
>> said, though, if there are pieces of information that cannot be
>> determined after the fact (because they are temporary), it would be
>> useful for them to be included in the event... because the event
>> generator, by definition, cannot know for sure which pieces of
>> information will be 'interesting' to the analyzer.
>
> Yes.
>
>     We would have to somehow store the previous guess, so that we could
>     compare the new guess and determine if they are the same. Is that
>     being done anywhere? Any quick suggestions?
>
> So include the nonce or encrypted password with the event so the watcher
> can look for changes.

As I posted on the ReviewBoard, this won't work. Since the nonce is 
different on every authentication attempt, and the digest function is 
not reversible, there is no way to determine whether the two attempts 
were made using the same, or different, passwords.

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org
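
The point made in the reply above, as an added example that is not part of the original message or of Asterisk's code: it computes RFC 2617 digest responses (the form without qop, MD5(HA1:nonce:HA2)) for repeated attempts under fresh nonces. The user, realm, URI, passwords and the `watcher_sees_repeat` helper are constructed for illustration.

```python
import hashlib
import secrets


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 digest response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def simulate_attempts(passwords, user="alice", realm="asterisk",
                      method="REGISTER", uri="sip:pbx.example.com"):
    """One event per attempt; the server issues a new nonce for each challenge."""
    events = []
    for password in passwords:
        nonce = secrets.token_hex(8)  # constructed nonce, fresh every time
        events.append({
            "nonce": nonce,
            "response": digest_response(user, realm, password, method, uri, nonce),
        })
    return events


def watcher_sees_repeat(events):
    """Hypothetical watcher: reports a repeated guess if two responses match."""
    responses = [event["response"] for event in events]
    return len(set(responses)) < len(responses)


if __name__ == "__main__":
    same = simulate_attempts(["wrong-guess", "wrong-guess"])
    different = simulate_attempts(["wrong-guess", "other-guess"])
    # Both runs look alike to the watcher: every response is unique.
    print("same password twice, repeat seen:", watcher_sees_repeat(same))
    print("two different passwords, repeat seen:", watcher_sees_repeat(different))
    # Only with an identical nonce would equal passwords give equal responses.
    fixed = "0123456789abcdef"
    a = digest_response("alice", "asterisk", "wrong-guess", "REGISTER",
                        "sip:pbx.example.com", fixed)
    b = digest_response("alice", "asterisk", "wrong-guess", "REGISTER",
                        "sip:pbx.example.com", fixed)
    print("same nonce, same password, equal responses:", a == b)
```
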


