[asterisk-dev] Better logging for SIP attacks
Paul Belanger
pabelanger at digium.com
Fri Jul 22 10:35:24 CDT 2011
On 11-07-22 01:51 AM, Philip Prindeville wrote:
> I'm looking at the following:
>
> Jul 15 16:39:31 pbx local0.notice asterisk[5760]: NOTICE[5794]: chan_sip.c:21372 in handle_request_invite: Call from '' to extension '000442070661000' rejected because extension not found in context 'INVALID'.
<snip>
> Jul 16 20:32:52 pbx local0.notice asterisk[5760]: NOTICE[5794]: chan_sip.c:21372 in handle_request_invite: Call from '' to extension '011442070661000' rejected because extension not found in context 'INVALID'.
>
>
> And thinking that without an IP address, I can't contact the abuser's ISP, but to get that I'd have to turn on SIP debugging, which on a fairly busy switch would just be too noisy.
>
> Should more information be logged with this?
>
Yes, support _should_ be added using res_security_log.c (security events
framework), if you were looking to write a patch.
--
Paul Belanger
Digium, Inc. | Software Developer
twitter: pabelanger | IRC: pabelanger (Freenode)
Check us out at: http://digium.com & http://asterisk.org
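
As an added example (not part of the original message and not Asterisk code), this Python sketch parses the chan_sip NOTICE lines quoted above and groups the rejected INVITEs by target number, showing what can be recovered from the log as it stands: time, dialed extension and context, but an empty caller and no peer address. The DIAL_PREFIXES list, the function names and the third sample line are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two lines quoted in the message plus one unrelated line.
SAMPLE_LOG = """\
Jul 15 16:39:31 pbx local0.notice asterisk[5760]: NOTICE[5794]: chan_sip.c:21372 in handle_request_invite: Call from '' to extension '000442070661000' rejected because extension not found in context 'INVALID'.
Jul 16 20:32:52 pbx local0.notice asterisk[5760]: NOTICE[5794]: chan_sip.c:21372 in handle_request_invite: Call from '' to extension '011442070661000' rejected because extension not found in context 'INVALID'.
Jul 16 20:33:00 pbx local0.notice asterisk[5760]: NOTICE[5794]: some unrelated message
"""

# Matches only the rejection message format shown in the quoted log lines.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) .*?"
    r"handle_request_invite: Call from '(?P<caller>[^']*)' "
    r"to extension '(?P<ext>[^']*)' rejected because extension not found "
    r"in context '(?P<context>[^']*)'"
)

# Assumption: dial prefixes stripped so probes for one number group together.
DIAL_PREFIXES = ("000", "011", "00")

def strip_prefix(ext):
    """Remove the first matching dial prefix, if any."""
    for prefix in DIAL_PREFIXES:
        if ext.startswith(prefix):
            return ext[len(prefix):]
    return ext

def parse_rejects(text):
    """Return one dict per rejected-INVITE line; other lines are skipped."""
    return [m.groupdict() for m in map(REJECT_RE.match, text.splitlines()) if m]

def summarize(events):
    """Group rejections by (number without prefix, context)."""
    groups = defaultdict(lambda: {"count": 0, "dialed": set(), "callers": set(),
                                  "first": None, "last": None})
    for e in events:
        g = groups[(strip_prefix(e["ext"]), e["context"])]
        g["count"] += 1
        g["dialed"].add(e["ext"])
        if e["caller"]:          # empty in the quoted lines
            g["callers"].add(e["caller"])
        g["first"] = g["first"] or e["ts"]
        g["last"] = e["ts"]
    return dict(groups)

if __name__ == "__main__":
    for (number, ctx), g in summarize(parse_rejects(SAMPLE_LOG)).items():
        print(f"{number} context={ctx} attempts={g['count']} "
              f"dialed={sorted(g['dialed'])} callers={sorted(g['callers'])} "
              f"first={g['first']} last={g['last']}")
```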