Bug#714861: Asterisk do not log source IP for Failed to authenticate device
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Wed Jul 3 22:48:29 UTC 2013
On Wed, Jul 03, 2013 at 06:36:44PM +0400, Козак Иван Васильевич wrote:
> Package: Asterisk
> Version: 1:1.8.13.1~dfsg-3
>
> Problem: Asterisk 1.8 do not log source IP address used for brute
> force attacks in some cases. Thus usage of Fail2ban or other tools
> is limited.
>
> [Jul 3 17:50:33] NOTICE[9381] chan_sip.c: Failed to authenticate
> device 2011<sip:2011 at 88.87.95.127>;tag=b64644c2
>
> bug like http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706739 for
> Asterisk 1.6 in Squeeze
This is technically a simple issue to fix (I don't have the upstream
issue handy, but it's nothing much more thn a fix of a format string and
such). Upstream declined to do so for 1.8 as it was too late to do so by
the time it froze. For the same reason I don't see this bug getting
fixed in Wheezy (right?).
For 11 (which should hopefully land in Unstable there is a separate
"security" log source that lists security events in a much better way.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com
More information about the Pkg-voip-maintainers
mailing list