[asterisk-dev] Better logging for SIP attacks
Russell Bryant
russell at digium.com
Fri Jul 22 11:22:03 CDT 2011
On 7/22/11 10:35 AM, Paul Belanger wrote:
> On 11-07-22 01:51 AM, Philip Prindeville wrote:
>> I'm looking at the following:
>>
>> Jul 15 16:39:31 pbx local0.notice asterisk[5760]: NOTICE[5794]:
>> chan_sip.c:21372 in handle_request_invite: Call from '' to extension
>> '000442070661000' rejected because extension not found in context
>> 'INVALID'.
> <snip>
>> Jul 16 20:32:52 pbx local0.notice asterisk[5760]: NOTICE[5794]:
>> chan_sip.c:21372 in handle_request_invite: Call from '' to extension
>> '011442070661000' rejected because extension not found in context
>> 'INVALID'.
>>
>>
>> And thinking that without an IP address, I can't contact the abuser's
>> ISP, but to get that I'd have to turn on SIP debugging, which on a
>> fairly busy switch would just be too noisy.
>>
>> Should more information be logged with this?
>>
> Yes, support _should_ be added using res_security_log.c (security events
> framework), if you were looking to write a patch.
>
For the API:
http://svnview.digium.com/svn/asterisk/trunk/include/asterisk/security_events_defs.h?view=markup
http://svnview.digium.com/svn/asterisk/trunk/include/asterisk/security_events.h?view=markup
Example usage can be found in main/manager.c.
--
Russell Bryant
Digium, Inc. | Engineering Manager, Asterisk
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
www.digium.com -=- www.asterisk.org
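
Added example, not part of the original thread or of Asterisk's code: a Python parser for the rejected-INVITE notices quoted above, which confirms that the entries carry no source address and groups the dialled extensions by the number they target. The `DIAL_PREFIXES` list and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two NOTICE entries quoted in the thread, unwrapped to one line each.
SAMPLE_LOG = (
    "Jul 15 16:39:31 pbx local0.notice asterisk[5760]: NOTICE[5794]: "
    "chan_sip.c:21372 in handle_request_invite: Call from '' to extension "
    "'000442070661000' rejected because extension not found in context 'INVALID'.\n"
    "Jul 16 20:32:52 pbx local0.notice asterisk[5760]: NOTICE[5794]: "
    "chan_sip.c:21372 in handle_request_invite: Call from '' to extension "
    "'011442070661000' rejected because extension not found in context 'INVALID'.\n"
)

REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?handle_request_invite: "
    r"Call from '(?P<caller>[^']*)' to extension '(?P<ext>[^']*)' "
    r"rejected because extension not found in context '(?P<context>[^']*)'"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumption: leading international dialling prefixes to strip, longest first.
DIAL_PREFIXES = ("000", "011", "00")


def parse_rejections(log_text):
    """Return one dict per rejected-INVITE notice found in log_text."""
    events = []
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            event = m.groupdict()
            # The notice format has no peer address field; record whether one appears at all.
            event["has_source_ip"] = bool(IPV4_RE.search(line))
            events.append(event)
    return events


def group_by_target(events):
    """Group dialled extensions by the number left after stripping a dial prefix."""
    groups = defaultdict(list)
    for event in events:
        ext = event["ext"]
        for prefix in DIAL_PREFIXES:
            if ext.startswith(prefix):
                ext = ext[len(prefix):]
                break
        groups[ext].append(event["ext"])
    return dict(groups)


if __name__ == "__main__":
    events = parse_rejections(SAMPLE_LOG)
    for target, dialled in group_by_target(events).items():
        print(target, dialled)
    print("entries with a source address:", sum(e["has_source_ip"] for e in events))
```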