[asterisk-dev] Non-universalized log messages render security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe other versions as well !!!
Michael L. Young
myoung at acsacc.com
Mon Feb 13 10:29:47 CST 2012
----- Original Message -----
> From: "Bruce B" <bruceb444 at gmail.com>
> To: "Asterisk Developers Mailing List"
> <asterisk-dev at lists.digium.com>
> Sent: Monday, February 13, 2012 10:55:45 AM
> Subject: Re: [asterisk-dev] Non-universalized log messages render
> security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe
> other versions as well !!!
> > I set up a quick test by having some Polycom phones attempt to
> > register with no matching device defined in sip.conf. Below is a
> > snippet from the
>
> > resulting security log file:
>
> Mathew, thanks for the test. However, that is not what this whole
> thread is about. I have allowguest=no and I am making call attempts
> to Asterisk without registration and wanting to log the source IP.
> Asterisk 10.1.x logs this message but nothing else that would be
> useful:
> NOTICE[10331] chan_sip.c: Sending fake auth rejection for device
> "Anonymous" <sip:Anonymous at anonymous.invalid>;tag=as4a1b8317
> Pavel on this thread suggested source IP will be logged for calls
> like that in CDRs but it is not true. Paul Belanger suggested using
> res_security_log for this purpose but I guess he hasn't tested this
> himself as there are no logs generated.
> Here is the issue again for everyone: I have allowguest=no and I am
> making calls to Asterisk 1.8 or 10.x...The call is rejected with a
> message like this:
> NOTICE[10331] chan_sip.c: Sending fake auth rejection for device
> "Anonymous" <sip:Anonymous at anonymous.invalid>;tag=as4a1b8317
> It's good up to this point but from here on it is not because there
> is NO source IP so I can NOT use any security tools to ban the
> attackers IP. I want to ban any outsiders who attempt on my Asterisk
> but Asterisk doesn't provide the needed log so unless I am missing
> something, allowguest=no feature is not complete as it doesn't log
> properly what it should log. Register attempts are logged properly
> with source IP address but the moment one turns on allowguest=no
> then the logs are INCOMPLETE.
> I appreciate any other suggestions regarding this.
One suggestion, please be careful with the attitude. I hope it is just coming across wrong and that I am reading wrong your emails. It isn't good for trying to get help.
I think I found the problem. You are correct. With allowguest=no set, the security log does not record anything when a person is not registered.
I can easily fix this, I believe. Can you go ahead and open an issue and post back the issue number?
Michael
(elguero)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20120213/2599a775/attachment.htm>
More information about the asterisk-dev
mailing list