[asterisk-security] Honeypot Project

Roger Marquis marquis at roble.com
Fri Oct 14 14:13:29 CDT 2011


Victor Villarreal wrote:
> What if I modify, in the source code in channels/chan_sip.c, the function
> handle_request_register() in the 1.4 branch to save in a DB the IPs that
> produce a failed registration, or fire a .sh that updates the IPTables
> rules of the machine....

I'd prefer simply writing the failure message to a user-definable syslog
facility then let the sysadmin take it from there.  I doubt most
sysadmins want yet another DB when a standard log file is more KIS and
more than sufficient.  As long as the log message format doesn't change
this would also be easier to integrate with IDS like fail2ban and Splunk
(though we get better mileage out of locally-authored Python scripts).

Roger Marquis
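
An added example (not from the post or the Asterisk project) of the log-driven approach described above: a Python filter over syslog lines that reports source IPs with repeated registration failures. The log line shape, the `offenders()` function with its threshold and window, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape (the post does not give one): a syslog prefix followed by
# chan_sip's "Registration from '<From>' failed for '<ip>[:port]' - <reason>".
# <From> is sender-controlled, so the greedy match plus a quote-free reason
# anchored at end-of-line makes the parser use the last "failed for" only.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ asterisk\[\d+\]: "
    r".*Registration from '.*' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>[^']+)$"
)

def offenders(lines, threshold=3, window=timedelta(seconds=60), year=2011):
    """Return {ip: peak failures inside `window`} for IPs reaching `threshold`."""
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    flagged = {}
    for line in lines:
        m = FAIL_RE.match(line.rstrip("\n"))
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

# Constructed sample input using documentation addresses, not real logs.
# The fourth line carries a From header that imitates a failure message.
SAMPLE = """
Oct 14 14:00:01 pbx asterisk[2201]: NOTICE[2214] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.7' - Wrong password
Oct 14 14:00:05 pbx asterisk[2201]: NOTICE[2214] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.7' - Wrong password
Oct 14 14:00:09 pbx asterisk[2201]: NOTICE[2214] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.7:5060' - No matching peer found
Oct 14 14:00:12 pbx asterisk[2201]: NOTICE[2214] chan_sip.c: Registration from '"x' failed for '198.51.100.9' - Wrong password" <sip:x@192.0.2.10>' failed for '203.0.113.8' - Wrong password
Oct 14 14:05:00 pbx asterisk[2201]: NOTICE[2214] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.7' - Wrong password
"""

if __name__ == "__main__":
    for ip, count in sorted(offenders(SAMPLE.splitlines()).items()):
        print(f"{ip} {count} failures within 60s")
```

The output is one line per offending IP, which a sysadmin can feed to whatever blocking mechanism they already use.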


