<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">I set up a quick test by having some Polycom phones attempt to register</div>
with no matching device defined in sip.conf. Below is a snippet from the<br>
resulting security log file:<br><br></blockquote><div><br></div><div>Mathew, thanks for the test. However, that is not what this whole thread is about. I have allowguest=no and I am making call attempts to Asterisk without registration and wanting to log the source IP. Asterisk 10.1.x logs this message but nothing else that would be useful:</div>
<div><br></div><div> <i style>NOTICE[10331] chan_sip.c: Sending fake auth rejection for device "Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as4a1b8317</i></div><div><i style><br></i></div><div><span style>Pavel on this thread suggested source IP will be logged for calls like that in CDRs but it is not true. Paul Belanger suggested using res_security_log for this purpose but I guess he hasn't tested this himself as there are no logs generated.</span></div>
<div><span style><br></span></div><div><span style>Here is the issue again for everyone: I have allowguest=no and I am making calls to Asterisk 1.8 or 10.x...The call is rejected with a message like this:</span></div><div>
<span style><br></span></div><div> <i style>NOTICE[10331] chan_sip.c: Sending fake auth rejection for device "Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as4a1b8317</i>
</div><div><i style><br></i></div><div><span style><font color="#222222" face="arial, sans-serif">It's good up to this point but from here on it is not because there is NO source IP so I can NOT use any security tools to ban the attackers IP. I want to ban any outsiders who attempt on my Asterisk but Asterisk doesn't provide the needed log so unless I am missing something, allowguest=no feature is not complete as it doesn't log properly what it should log. Register attempts are logged properly with source IP address but the moment one turns on allowguest=no then the logs are INCOMPLETE.</font></span></div>
<div><span style><br></span></div><div><font color="#222222" face="arial, sans-serif">I appreciate any other suggestions regarding this.</font></div><div><font color="#222222" face="arial, sans-serif"><br></font></div><div>
<font color="#222222" face="arial, sans-serif">Thanks,</font></div></div>