[asterisk-dev] Non-universalized log messages render security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe other versions as well !!!
Bruce B
bruceb444 at gmail.com
Mon Feb 13 09:55:45 CST 2012
>
> I set up a quick test by having some Polycom phones attempt to register
> with no matching device defined in sip.conf. Below is a snippet from the
> resulting security log file:
>
>
Mathew, thanks for the test. However, that is not what this whole thread is
about. I have allowguest=no and I am making call attempts to Asterisk
without registration and wanting to log the source IP. Asterisk 10.1.x logs
this message but nothing else that would be useful:
NOTICE[10331] chan_sip.c: Sending fake auth rejection for device
"Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as4a1b8317

Pavel on this thread suggested source IP will be logged for calls like that
in CDRs but it is not true. Paul Belanger suggested using res_security_log
for this purpose but I guess he hasn't tested this himself as there are no
logs generated.
Here is the issue again for everyone: I have allowguest=no and I am making
calls to Asterisk 1.8 or 10.x... The call is rejected with a message like
this:
NOTICE[10331] chan_sip.c: Sending fake auth rejection for device
"Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as4a1b8317

It's good up to this point but from here on it is not because there is NO
source IP so I can NOT use any security tools to ban the attacker's IP. I
want to ban any outsiders who attempt on my Asterisk but Asterisk doesn't
provide the needed log so unless I am missing something, the allowguest=no
feature is not complete as it doesn't log properly what it should log.
Register attempts are logged properly with source IP address but
the moment one turns on allowguest=no then the logs are INCOMPLETE.
I appreciate any other suggestions regarding this.
Thanks,
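
Added example, not part of the original post and not Asterisk or project code: a sketch of the log triage a ban tool performs, showing why the rejection line quoted above gives it nothing to act on. The timestamp prefix, the registration-failure lines and all addresses are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines. The timestamp prefix and the "Registration ... failed"
# lines are assumptions; addresses come from documentation ranges.
SAMPLE_LOG = """\
[2012-02-13 09:41:02] NOTICE[10331] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2012-02-13 09:41:05] NOTICE[10331] chan_sip.c: Sending fake auth rejection for device "Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as4a1b8317
[2012-02-13 09:41:09] NOTICE[10331] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2012-02-13 09:41:12] NOTICE[10331] chan_sip.c: Sending fake auth rejection for device "Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as5c2d9428
"""

# Greedy .* makes the match end at the last "failed for", the one the server
# wrote, not at text a caller placed inside the From header.
REG_FAIL = re.compile(
    r"Registration from '.*' failed for '(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?'")
FAKE_AUTH = re.compile(r"Sending fake auth rejection for device (.*)$")


def triage(log_text):
    """Split rejections into those carrying a source IP and those without one."""
    by_ip = Counter()
    no_source = []
    for line in log_text.splitlines():
        m = REG_FAIL.search(line)
        if m:
            by_ip[m.group(1)] += 1
            continue
        m = FAKE_AUTH.search(line)
        if m:
            # The text after "device" is the caller-supplied From value. It is
            # not a source address and must never be used as a ban target.
            no_source.append(m.group(1))
    return by_ip, no_source


def ban_candidates(by_ip, threshold=2):
    """Source addresses with at least `threshold` logged failures."""
    return sorted(ip for ip, n in by_ip.items() if n >= threshold)


if __name__ == "__main__":
    by_ip, no_source = triage(SAMPLE_LOG)
    print("bannable:", ban_candidates(by_ip))
    print("rejections with no source IP:", len(no_source))
```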