[asterisk-dev] Non-universalized log messages render security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe other versions as well !!!

Bruce B bruceb444 at gmail.com
Mon Feb 13 10:42:20 CST 2012


Michael, thanks. I am happy there is an understanding here. Issue is opened
under #19348. I suggested my recommendation on how it should be implemented
but you know best.

https://issues.asterisk.org/jira/browse/ASTERISK-19348

Best,

On Mon, Feb 13, 2012 at 11:29 AM, Michael L. Young <myoung at acsacc.com> wrote:

> ------------------------------
>
> *From: *"Bruce B" <bruceb444 at gmail.com>
> *To: *"Asterisk Developers Mailing List" <asterisk-dev at lists.digium.com>
> *Sent: *Monday, February 13, 2012 10:55:45 AM
>
> *Subject: *Re: [asterisk-dev] Non-universalized log messages render
> security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe other
> versions as well !!!
>
>> I set up a quick test by having some Polycom phones attempt to register
>> with no matching device defined in sip.conf.  Below is a snippet from the
>> resulting security log file:
>>
>>
> Mathew, thanks for the test. However, that is not what this whole thread
> is about. I have allowguest=no and I am making  call attempts to Asterisk
> without registration and wanting to log the source IP. Asterisk 10.1.x logs
> this message but nothing else that would be useful:
>
>  *NOTICE[10331] chan_sip.c: Sending fake auth rejection for device
> "Anonymous" <sip:Anonymous at anonymous.invalid>;tag=as4a1b8317*
>
> Pavel on this thread suggested source IP will be logged for calls like
> that in CDRs but it is not true. Paul Belanger suggested using
> res_security_log for this purpose but I guess he hasn't tested this himself
> as there are no logs generated.
>
> Here is the issue again for everyone: I have allowguest=no and I am making
> calls to Asterisk 1.8 or 10.x...The call is rejected with a message like
> this:
>
>  *NOTICE[10331] chan_sip.c: Sending fake auth rejection for device
> "Anonymous" <sip:Anonymous at anonymous.invalid>;tag=as4a1b8317*
>
> It's good up to this point but from here on it is not because there is NO
> source IP so I can NOT use any security tools to ban the attacker's IP. I
> want to ban any outsiders who attempt on my Asterisk but Asterisk doesn't
> provide the needed log so unless I am missing something, allowguest=no
> feature is not complete as it doesn't log properly what it should log.
> Register attempts are logged properly with source IP address but
> the moment one turns on allowguest=no then the logs are INCOMPLETE.
>
> I appreciate any other suggestions regarding this.
>
> One suggestion, please be careful with the attitude.  I hope it is just
> coming across wrong and that I am reading your emails wrong.  It isn't good
> for trying to get help.
>
> I think I found the problem.  You are correct.  With allowguest=no set,
> the security log does not record anything when a person is not registered.
>
> I can easily fix this, I believe.  Can you go ahead and open an issue and
> post back the issue number?
>
> Michael
>
> (elguero)
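The logging gap discussed in this thread, shown as an added example (not code from the original messages or from Asterisk): a log-triage routine of the kind a ban tool runs, which can act on registration failures but finds no address in the fake auth rejection line. The rejection line is the one quoted in the thread; the registration-failure line format, the addresses, the `triage` function and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter

# Registration failures name the source address (line format is an assumption).
# The greedy .* makes the LAST "failed for" on the line win, because the quoted
# From header is sender-controlled and could contain that phrase itself.
REG_FAIL = re.compile(
    r"chan_sip\.c: Registration from '.*' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?'"
)
# The rejection quoted in the thread: no source address anywhere in the line.
FAKE_AUTH = re.compile(r"chan_sip\.c: Sending fake auth rejection for device")


def triage(lines, threshold=3):
    """Return (addresses_to_ban, unattributable_rejections) for log lines."""
    hits = Counter()
    blind = 0
    for line in lines:
        match = REG_FAIL.search(line)
        if match:
            hits[match.group("ip")] += 1
        elif FAKE_AUTH.search(line):
            blind += 1  # an attack was seen, but there is nothing to ban
    ban = sorted(ip for ip, count in hits.items() if count >= threshold)
    return ban, blind


# Constructed sample log (documentation address ranges, not real traffic).
REJECT = ('NOTICE[10331] chan_sip.c: Sending fake auth rejection for device '
          '"Anonymous" <sip:Anonymous at anonymous.invalid>;tag=as4a1b8317')
SAMPLE_LOG = [
    "NOTICE[10331] chan_sip.c: Registration from '\"100\" <sip:100@192.0.2.1>' "
    "failed for '198.51.100.7' - No matching peer found",
    "NOTICE[10331] chan_sip.c: Registration from '\"101\" <sip:101@192.0.2.1>' "
    "failed for '198.51.100.7' - No matching peer found",
    "NOTICE[10331] chan_sip.c: Registration from '\"102\" <sip:102@192.0.2.1>' "
    "failed for '198.51.100.7:5060' - Wrong password",
    "NOTICE[10331] chan_sip.c: Registration from '\"200\" <sip:200@192.0.2.1>' "
    "failed for '192.0.2.10' - Wrong password",
    REJECT, REJECT, REJECT, REJECT,
]

if __name__ == "__main__":
    ban, blind = triage(SAMPLE_LOG)
    print("ban candidates:", ban)
    print("rejections with no source address:", blind)
```

On the sample, the four rejected guest calls are counted but produce no ban candidate, which is the behaviour reported for `allowguest=no`.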