On Tue, Jun 12, 2012 at 11:44 AM, cosmaschi cristian <[email protected]> wrote:
> Hello,
>
> I run Asterisk and some Aastra scripts.
>
> When I call Aastra scripts from my IP phone I get false positives.
>
> How can I exclude Aastra phones from being blocked by OSSEC?
>
> Alert list
> 2012 Jun 11 15:57:55 Rule Id: 31106 level: 6
> Location: (Z09) xx.2x.1xx.xx4->/var/log/httpd/access_log
> Src IP: 73.102.152.148
> A web attack returned code 200 (success).
> 73.102.152.148 - - [11/Jun/2012:15:57:35 -0400] "GET /aastra/asterisk/
> incoming.php?number=6133266214&name='Trust%20OttoMan'&user=201 HTTP/
> 1.1" 200 113 "-" "Aastra57iCT MAC:00-08-5D-25-C4-BB V:3.2.2.1141-SIP"
>
There are a number of solutions:
- Don't block on that rule.
- Filter it out using rules.
- Create white lists for the IP phones.

Probably more, but that should get you started.
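
The filtering and white-list options, sketched as OSSEC configuration. This is an added example, not part of the reply above; the rule id 100100 and the 192.0.2.0/24 phone subnet are placeholders, and the file paths assume a default /var/ossec install.

```xml
<!-- /var/ossec/rules/local_rules.xml: filter the alert with a child rule.
     Rule id 100100 and the 192.0.2.0/24 phone subnet are placeholders. -->
<group name="local,web,accesslog,">
  <rule id="100100" level="0">
    <if_sid>31106</if_sid>
    <!-- Scope by source network and path. The User-Agent string is
         client-supplied, so it is not used as the matching condition. -->
    <srcip>192.0.2.0/24</srcip>
    <url>^/aastra/</url>
    <description>Aastra phone script request, not an attack.</description>
  </rule>
</group>

<!-- /var/ossec/etc/ossec.conf: never run active response against
     the phone subnet (same placeholder network as above). -->
<ossec_config>
  <global>
    <white_list>192.0.2.0/24</white_list>
  </global>
</ossec_config>
```

Pasting the access_log line from the alert into ossec-logtest shows whether the child rule fires in place of 31106 before OSSEC is restarted.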
