[asterisk-dev] Better logging for SIP attacks

Russell Bryant russell at digium.com
Fri Jul 22 11:22:03 CDT 2011


On 7/22/11 10:35 AM, Paul Belanger wrote:
> On 11-07-22 01:51 AM, Philip Prindeville wrote:
>> I'm looking at the following:
>>
>> Jul 15 16:39:31 pbx local0.notice asterisk[5760]: NOTICE[5794]:
>> chan_sip.c:21372 in handle_request_invite: Call from '' to extension
>> '000442070661000' rejected because extension not found in context
>> 'INVALID'.
> <snip>
>> Jul 16 20:32:52 pbx local0.notice asterisk[5760]: NOTICE[5794]:
>> chan_sip.c:21372 in handle_request_invite: Call from '' to extension
>> '011442070661000' rejected because extension not found in context
>> 'INVALID'.
>>
>>
>> And thinking that without an IP address, I can't contact the abuser's
>> ISP, but to get that I'd have to turn on SIP debugging, which on a
>> fairly busy switch would just be too noisy.
>>
>> Should more information be logged with this?
>>
> Yes, support _should_ be added using res_security_log.c (security events
> framework), if you were looking to write a patch.
>

For the API:

http://svnview.digium.com/svn/asterisk/trunk/include/asterisk/security_events_defs.h?view=markup

http://svnview.digium.com/svn/asterisk/trunk/include/asterisk/security_events.h?view=markup

Example usage can be found in main/manager.c.

-- 
Russell Bryant
Digium, Inc.     |    Engineering Manager, Asterisk
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
www.digium.com         -=-         www.asterisk.org
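
An added example, not part of the original message or of Asterisk: a small parser for the rejected-INVITE NOTICE lines quoted above, confirming that they carry no source address and grouping the dialed extensions by their trailing digits. The log lines are the ones from the thread, unwrapped to one line each; `SUFFIX_LEN` and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The two NOTICE lines quoted in the thread, unwrapped to one line each.
SAMPLE_LOG = """\
Jul 15 16:39:31 pbx local0.notice asterisk[5760]: NOTICE[5794]: chan_sip.c:21372 in handle_request_invite: Call from '' to extension '000442070661000' rejected because extension not found in context 'INVALID'.
Jul 16 20:32:52 pbx local0.notice asterisk[5760]: NOTICE[5794]: chan_sip.c:21372 in handle_request_invite: Call from '' to extension '011442070661000' rejected because extension not found in context 'INVALID'.
"""

REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s.*?"
    r"handle_request_invite: Call from '(?P<caller>[^']*)' to extension "
    r"'(?P<ext>[^']*)' rejected because extension not found in context "
    r"'(?P<context>[^']*)'"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumption: compare the last 10 digits to spot one destination number
# being retried behind different dial prefixes.
SUFFIX_LEN = 10


def parse_rejects(text):
    """Return one dict per rejected-INVITE line found in text."""
    events = []
    for line in text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        # Record whether the line contains anything shaped like an IPv4 address.
        ev["has_source_ip"] = bool(IPV4_RE.search(line))
        events.append(ev)
    return events


def summarize(events):
    """Count anonymous and address-less rejects; group extensions by suffix."""
    targets = defaultdict(list)
    for ev in events:
        targets[ev["ext"][-SUFFIX_LEN:]].append(ev["ext"])
    return {
        "total": len(events),
        "anonymous_caller": sum(1 for e in events if not e["caller"]),
        "without_source_ip": sum(1 for e in events if not e["has_source_ip"]),
        "targets": {k: sorted(v) for k, v in targets.items()},
    }


if __name__ == "__main__":
    print(summarize(parse_rejects(SAMPLE_LOG)))
```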