[asterisk-dev] Asterisk 11.3.0 / chan_sip.c / Failed to authenticate device - Message

Matthew Jordan mjordan at digium.com
Mon May 6 11:10:27 CDT 2013


On 05/06/2013 03:48 AM, Thorsten Göllner wrote:
> Hi,
> 
> after upgrading from Asterisk 1.6 to 11.3.0 I get over 100 messages per
> day like "Failed to authenticate device 100" (with core set verbose 10).
> It looks like some type of enumeration from a "non friendly" client. The
> message has no IP address included, so I cannot add a new rule to
> fail2ban. I checked the source code and found in chan_sip.c six times:
> 
> ast_log(LOG_NOTICE, "Failed to authenticate device %s\n",
> sip_get_header(req, "From"));
> 
> I could change it into:
> 
> ast_log(LOG_NOTICE, "Failed to authenticate device %s with address '%s'\n",
> sip_get_header(req, "From"), ast_sockaddr_stringify(addr));
> 
> Do you think that makes sense, or am I perhaps making a mistake?
> (I have only a little experience with developer lists and SIP development
> overall)
> 

You really shouldn't need to change the log messages in Asterisk for
security reasons, particularly in Asterisk 10+. Asterisk contains a
security event framework that should log security issues out in a
well-defined format suitable for consumption by fail2ban (and other systems).

More information on it can be found here:

https://wiki.asterisk.org/wiki/display/AST/Asterisk+Security+Framework

-- 
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org
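
An added example, not part of the original message and not Asterisk or fail2ban code: a sketch of how a log consumer can get the remote address from security events instead of from the chan_sip NOTICE line. It assumes the `key="value"` layout of lines written at the `security` logger level; the sample lines, the failure-event set, the threshold and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log: one chan_sip NOTICE (no address) followed by
# security events. Addresses are from the documentation ranges.
SAMPLE_LOG = '''\
[2013-05-06 03:41:09] NOTICE[2211] chan_sip.c: Failed to authenticate device 100
[2013-05-06 03:41:09] SECURITY[2211] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="1367829669-101",Severity="Error",Service="SIP",EventVersion="1",AccountID="100",SessionID="0x7f01",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.7/5071"
[2013-05-06 03:41:12] SECURITY[2211] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="1367829672-202",Severity="Error",Service="SIP",EventVersion="1",AccountID="101",SessionID="0x7f02",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.7/5071"
[2013-05-06 03:41:15] SECURITY[2211] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="1367829675-303",Severity="Error",Service="SIP",EventVersion="1",AccountID="102",SessionID="0x7f03",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.7/5071",Challenge="1a2b3c"
[2013-05-06 03:50:00] SECURITY[2211] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1367830200-404",Severity="Error",Service="SIP",EventVersion="2",AccountID="200",SessionID="0x7f04",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/198.51.100.4/5060"
[2013-05-06 03:51:00] SECURITY[2211] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="1367830260-505",Severity="Informational",Service="SIP",EventVersion="1",AccountID="300",SessionID="0x7f05",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/192.0.2.55/5060",UsingPassword="1"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# Event types treated as authentication failures here (an assumed policy).
FAILURE_EVENTS = {"FailedACL", "InvalidAccountID",
                  "InvalidPassword", "ChallengeResponseFailed"}

def parse_security_event(line):
    """Return the event fields as a dict, or None for non-security lines."""
    if "SECURITY[" not in line or "SecurityEvent=" not in line:
        return None
    # Key-based parsing: optional fields may follow RemoteAddress.
    return dict(FIELD_RE.findall(line))

def remote_host(event):
    """Extract the host from RemoteAddress ("IPV4/UDP/host/port")."""
    parts = event.get("RemoteAddress", "").split("/")
    return parts[2] if len(parts) == 4 else None

def failures_by_host(log_text):
    """Count failure events per remote host."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_security_event(line)
        if event and event.get("SecurityEvent") in FAILURE_EVENTS:
            host = remote_host(event)
            if host:
                counts[host] += 1
    return counts

def hosts_to_ban(log_text, max_retry=3):
    """Hosts with at least max_retry failures, as a ban rule would select."""
    counts = failures_by_host(log_text)
    return sorted(h for h, n in counts.items() if n >= max_retry)

if __name__ == "__main__":
    print(failures_by_host(SAMPLE_LOG))
    print(hosts_to_ban(SAMPLE_LOG))
```
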




