On May 14, 2009, at 7:25 AM, Alex Balashov wrote: > ContactTel Business wrote: > >> Here is the trace.. please DEVs... add a reporting option to sip >> stack that >> will report on that ip , or something.. > > That's not really plausible.
Well, that's not entirely true. There is an effort under way to create a separate logging channel for security events, which each channel method could then populate with incidents it feels are "bad" - this would obviously be channel- dependent, but there are some common criteria for VoIP connection issues that can be standardized. An external program would then have to make sense of those events. At a minimum, a framework for reporting illegitimate (and legitimate) authentication or authorization attempts would allow forensics in a post-event situation and/or permit external scripting to deflect some of the attack methods. This was discussed to some degree on -dev, and extensively at the Asterisk European Developers Meet-Up, though a summary proposal has yet to be sent to -dev for discussion. If anyone is interested in helping with the effort, I'd suggest keeping an eye on the -dev mailing list for the write-up. JT ---- John Todd email:[email protected] Digium, Inc. | Asterisk Open Source Community Director 445 Jan Davis Drive NW - Huntsville AL 35806 - USA direct: +1-256-428-6083 http://www.digium.com/ _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
