Hello geeks,
First of all, I am very disappointed, and maybe you can find this frustration in my choice of words. If anybody feels offended, please note that this was not my intention.
I have been using Asterisk since version 1.2, and as time went by I decided to choose Asterisk 1.8 for a new setup. Now I am facing the problem which has been discussed in many threads here but for which I was not able to find a SERIOUS answer - may someone from Digium please be so nice and explain in clear words WHY they changed the code so that I am not able to block attacking IPs?
Yes, you guys know what I mean:
All those discussions that popped up here and their related answers just let me think one thing: “You guys gotta be kidding me.”
I do not know how other VoIP admins work on security issues, but one of the first things I do is to use SIPVICIOUS against Asterisk on the external interface to see what information an attacker might gain. And it is hilarious that I cannot block such IPs (with Fail2Ban or AgentSmith) because Asterisk “was re-programmed in such a way” that it lazily does not log the attacking IP.
Of course, I always set alwaysauthreject and allowguest to the suggested values, because with that security issue I do not have a choice! Of course I never used type=friend as long as I do not need to. All these tips do not shoot the problem and should always be used where appropriate.
I do really wonder how this change of behaviour can be accepted by anyone in the VoIP area. Since I do not see any changes on this topic I tend to write some exploits with my fellows at Metasploit to prove how this issue can lead to a DoS attack - maybe then someone wakes up @ Digium.
Trying to bring it back to a constructive discussion:
- Why did you change the code for logging?
- Is there a patch that corrects the logging of Asterisk?
- If there is a patch, why isn’t it integrated in 1.8-CURRENT?
- Does Digium really suggest that its customers fall back to version 1.6 or even 1.4?
- Did you ever use SIPVICIOUS?
- What other plea have you got?
Best wishes, r0n