Summary: ASTERISK-25869: chan_sip: "rejected because extension not found" should be logged as a security event
Reporter: Brian J. Murrell (brian_j_murrell)
Labels: patch
Date Opened: 2016-03-27 13:44:07
Date Closed: 2017-12-18 09:00:29.000-0600
Priority: Major
Regression?:
Status: Closed/Complete
Components: Channels/chan_sip/Security Framework
Versions: 13.7.1
Frequency of Occurrence: Frequent
Related Issues:
Environment:
Attachments: (0) ASTERISK-25869.patch
Description: Events such as:
{noformat}
chan_sip.c:25697 handle_request_invite: Call from '' (159.122.92.46:5076) to extension '900972598081022' rejected because extension not found in context 'inbound-anon-sip'.
{noformat}
should be logged as a security issue in the security log as it is very indicative of a cracker trying to use an unsecured Asterisk server and such crackers should be logged.
Comments:

By: Asterisk Team (asteriskteam) 2016-03-27 13:44:07.881-0500
Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Brian J. Murrell (brian_j_murrell) 2016-03-28 08:35:36.730-0500
How can a security bug be "Minor"?

By: Joshua C. Colp (jcolp) 2016-03-28 08:42:14.919-0500
I've marked it as Major again, but initially I downgraded it because it's not in the same class as a security event existing but the code stopping it from being published. As well, because this interacts with the dialplan, there's an entry point to easily add dialplan logic using a catch-all to report this information using that method. Other actions don't have that same ability.

By: Corey Farrell (coreyfarrell) 2016-10-06 01:39:44.373-0500
Please try the attached patch, let me know if it serves your needs.

By: Corey Farrell (coreyfarrell) 2017-12-14 15:47:25.155-0600
No response from reporter, proceeding under assumption that my patch completely resolves the issue.

By: Brian J. Murrell (brian_j_murrell) 2017-12-16 11:23:25.447-0600
Yeah, sorry about the lack of response. Not sure why I didn't see the question. I'm not tooled up to easily build from source (yet). I'd imagine it solves the problem though. I will see about getting a new build going soon with the patch applied and see how it does.

By: Friendly Automation (friendly-automation) 2017-12-18 09:00:30.683-0600
Change 7592 merged by Jenkins2: chan_sip: Add security event for calls to invalid extension. [https://gerrit.asterisk.org/7592|https://gerrit.asterisk.org/7592]

By: Friendly Automation (friendly-automation) 2017-12-18 09:07:14.182-0600
Change 7591 merged by Jenkins2: chan_sip: Add security event for calls to invalid extension. [https://gerrit.asterisk.org/7591|https://gerrit.asterisk.org/7591]

By: Friendly Automation (friendly-automation) 2017-12-18 09:16:23.211-0600
Change 7590 merged by Jenkins2: chan_sip: Add security event for calls to invalid extension. [https://gerrit.asterisk.org/7590|https://gerrit.asterisk.org/7590]
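
On builds without the merged change, the NOTICE line quoted in the description is the only record of these probes. The following is an added example, not part of this issue or of Asterisk's code, that parses that message and groups the probed extensions by source address; the timestamp/level prefix, the sample lines (documentation addresses, constructed extensions) and the `threshold` parameter are assumptions.

```python
import re
from collections import defaultdict

# Matches the chan_sip message text quoted in the issue description.
# search() is used so any timestamp/level prefix in front is ignored.
# The caller and extension fields come from the remote party, so they
# are captured as opaque strings and never interpreted.
REJECT_RE = re.compile(
    r"Call from '(?P<caller>[^']*)' \((?P<ip>.+?):(?P<port>\d+)\) "
    r"to extension '(?P<exten>[^']*)' rejected because extension not found "
    r"in context '(?P<context>[^']*)'"
)

def parse_rejections(lines):
    """Yield one dict (caller, ip, port, exten, context) per matching line."""
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            yield m.groupdict()

def summarize(lines, threshold=3):
    """Return {ip: sorted distinct extensions} for every source that tried
    at least `threshold` different nonexistent extensions."""
    seen = defaultdict(set)
    for ev in parse_rejections(lines):
        seen[ev["ip"]].add(ev["exten"])
    return {ip: sorted(ext) for ip, ext in seen.items() if len(ext) >= threshold}

# Constructed sample input; the "[date] NOTICE[...]" prefix is an assumed layout.
_MSG = ("chan_sip.c:25697 handle_request_invite: Call from '' ({src}) to extension "
        "'{ext}' rejected because extension not found in context 'inbound-anon-sip'.")
SAMPLE_LOG = [
    "[2016-03-27 13:40:01] NOTICE[2101][C-00000001]: " + _MSG.format(src="192.0.2.10:5076", ext="900441000000001"),
    "[2016-03-27 13:40:03] NOTICE[2101][C-00000002]: " + _MSG.format(src="192.0.2.10:5076", ext="000441000000001"),
    "[2016-03-27 13:40:05] NOTICE[2101][C-00000003]: " + _MSG.format(src="192.0.2.10:5080", ext="011441000000001"),
    "[2016-03-27 13:40:07] NOTICE[2101][C-00000004]: " + _MSG.format(src="192.0.2.10:5080", ext="900441000000001"),
    "[2016-03-27 13:41:00] NOTICE[2101][C-00000005]: " + _MSG.format(src="198.51.100.7:5060", ext="1234"),
    "[2016-03-27 13:41:02] VERBOSE[2101] pbx.c: unrelated line",
]

if __name__ == "__main__":
    for ip, extens in summarize(SAMPLE_LOG).items():
        print(f"{ip} probed {len(extens)} unknown extensions: {', '.join(extens)}")
```

Counting distinct extensions rather than raw line counts keeps a single misdialled number, retried several times, from being flagged alongside a prefix scan.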