[asterisk-dev] Fwd: Asterisk Sip Registration Hooks
CDR
venefax at gmail.com
Fri Jul 29 17:54:32 CDT 2011
I think that this patch is a fantastic idea and want to encourage the
developer to add it to 1.8, and also provide a private patch for the
people that are not yet ready for 1.8, since 1.8 has some bad bugs
like CDRs being wrong, etc.
I will test the patch in production as soon as you have it ready, in
my 1.6.2 installation.
On Fri, Jul 29, 2011 at 3:17 PM, Mike Myhre <digium at aeisecure.com> wrote:
> I have been looking at writing a security module for asterisk that will
> provide much better defense against BFD attacks. Currently it appears
> the best method (if you need to leave your server open to registrations
> from any IP) is to scan the log files on a regular basis. Even scanning
> once a minute, that can give the attacker thousands of attempts to find
> a valid peer. My add-on module will add to the iptables and block within
> just a few attempts since the signature of the BFD attacks is to
> register multiple peers that are invalid from the same IP in under a
> second. Legitimate peers that are registering may have invalid if someone
> mistyped the info, but even if they happen in a short time, they will be
> the same information. There are more qualifications to ban a registering
> peer so as not to get a false positive, but that is an easy thing for my
> module to do very well; much better than a log scanner.
>
> There are other needs to hook into the registrations as they come into
> asterisk like when you are setting up a new phone, the first thing you
> want to know is did it register. These things can be done in other ways
> (like a monitor interface), but having the ability to create a module
> (or several) that will take action when a SIP registration happens
> (successful or not), is desperately needed and will create a much more
> secure environment.
>
> I have modified the chan_sip.c file on my 1.6.2.19.1 version of asterisk
> to provide two functions that register and unregister a handler function.
>
> What are the chances of being able to include this code in the next
> release of the current branches (1.6, 1.8 and 10)?
> I am sure other developers can take advantage of this option, and it is
> very low risk (modeled after the logger.h verboser methods).
>
> Thanks,
>
> Mike Myhre
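
The ban heuristic described in the quoted proposal, as an added example that is not Mike Myhre's module or Asterisk code: failed registrations for several different peer names from one IP inside a short window trigger a block, while repeated failures for the same peer name do not. The class and function names, the threshold of three distinct peers, and the sample events are assumptions made for illustration; the code only returns a block decision and does not touch iptables.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0      # assumption: "under a second", as in the post
MAX_DISTINCT_PEERS = 3    # assumption: threshold is not stated in the post


class RegistrationGuard:
    """Tracks failed registrations per source IP and flags peer-name scanning."""

    def __init__(self, window=WINDOW_SECONDS, max_peers=MAX_DISTINCT_PEERS):
        self.window = window
        self.max_peers = max_peers
        self.failures = defaultdict(deque)   # ip -> deque of (timestamp, peer)
        self.banned = set()

    def on_registration(self, ts, ip, peer, success):
        """Feed one registration event; return True if ip should be blocked."""
        if ip in self.banned:
            return True
        if success:
            return False
        recent = self.failures[ip]
        recent.append((ts, peer))
        # Drop failures that have fallen out of the sliding window.
        while recent and ts - recent[0][0] > self.window:
            recent.popleft()
        # Count distinct peer names: retries of one mistyped peer count once.
        if len({p for _, p in recent}) >= self.max_peers:
            self.banned.add(ip)
            return True
        return False


# Constructed sample events: (timestamp, source IP, peer name, success)
EVENTS = [
    (10.00, "198.51.100.7", "1001", False),   # phone with mistyped credentials
    (10.20, "198.51.100.7", "1001", False),
    (10.40, "198.51.100.7", "1001", False),
    (10.60, "198.51.100.7", "1001", False),
    (20.00, "203.0.113.9", "100", False),     # many invalid peers, one IP
    (20.05, "203.0.113.9", "101", False),
    (20.10, "203.0.113.9", "102", False),
    (20.15, "203.0.113.9", "103", False),
]


def run(events):
    """Replay events through a fresh guard; return (decisions, banned IPs)."""
    guard = RegistrationGuard()
    return [guard.on_registration(*e) for e in events], guard.banned
```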