[asterisk-dev] [Code Review] Generate security events in chan_sip using new Security Events Framework
Tilghman Lesher
reviewboard at asterisk.org
Fri Aug 12 02:14:11 CDT 2011
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1362/#review4044
-----------------------------------------------------------
/branches/10/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1362/#comment7968>
These functions should probably be prefixed with sip_ and added to the sip header file, so they can be called from the other sip code files.
/branches/10/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1362/#comment7963>
It is helpful to know whether the invalid password is different from the previous invalid password from this peer (if possible). You don't need to know what that previous guess was, as a security watcher can be expected to keep history. This can be important, to distinguish a misconfigured phone with the wrong password (false positive) from a scan attack.
/branches/10/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1362/#comment7964>
I don't know that this type of event has merit, as with SIP, you're going to have an event of this type with nearly every call. When you're looking for a needle in a haystack, the last thing you want to do is add more hay.
/branches/10/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1362/#comment7966>
This should probably be treated the same as an invalid password.
/branches/10/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/1362/#comment7967>
Similarly, another case for invalid password. In a scan attack, any found peer will likely get this same event multiple times, indicating a real problem to the security event watcher.
/branches/10/configs/logger.conf.sample
<https://reviewboard.asterisk.org/r/1362/#comment7969>
Could you explain this addition? I don't see anything either in your patch or in trunk that uses this configuration line.
- Tilghman
On Aug. 12, 2011, 1:07 a.m., elguero wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1362/
> -----------------------------------------------------------
>
> (Updated Aug. 12, 2011, 1:07 a.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Summary
> -------
>
> Security Events Framework was added in 1.8 and support was added for AMI to generate events at that time.
>
> This patch attempts to add support in chan_sip to generate security events. Hopefully we can get this into Asterisk 10.
>
> I am looking forward to hearing feedback on where this patch can be improved especially from those who have an intimate knowledge of chan_sip.
>
> Thanks
>
>
> This addresses bug 18264.
> https://issues.asterisk.org/jira/browse/18264
>
>
> Diffs
> -----
>
> /branches/10/channels/chan_sip.c 331633
> /branches/10/configs/logger.conf.sample 331633
> /branches/10/CHANGES 331633
>
> Diff: https://reviewboard.asterisk.org/r/1362/diff
>
>
> Testing
> -------
>
> Local dev machine and a softphone. Generated events by using the wrong username, wrong password, wrong auth name, successful authentication.
>
>
> Thanks,
>
> elguero
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20110812/54aeaf5a/attachment-0001.htm>
More information about the asterisk-dev
mailing list