[asterisk-users] Security Logging
Warren Selby
wcselby at selbytech.com
Tue Feb 9 15:33:10 CST 2010
Hello list,
I've got a client who's weak sip passwords are being guessed by remote
entities who then connect to their server and use it to wardial large
swaths of numbers. When they start receiving complaints, they call me
and I add the ip address of the remote user to the iptables drop list.
At the same time, my own personal asterisk server, using strong sip
passwords, has seen connections from remote entities. I'm not sure
how these passwords were guessed (or even if they were guessed), as
they were at a minimum 10 characters long, not based on dictionary
words, and used numbers, letters, and symbols.
Is there some logging capability that allows me to see every IP
address of every sip registration attempt, along with details about
the sip reg attempt (I.e user name tried, success or failure, user
agent, etc). I haven't found a way to do this yet, I'm hoping I've
just missed something simple?
Thanks,
Warren Selby
More information about the asterisk-users
mailing list