PJSIP, auth_username: avoiding false alarms

oliv2831 · February 21, 2023, 10:53am

Hello,
In [1], you can read:
“Delaying the security events can result in a delay before an attack is recognized. The following global res_pjsip options control these false security events only if “auth_username” is listed in the endpoint_identifier_order option: unidentified_request_count, unidentified_request_period, and unidentified_request_prune_interval.”

How can I configure an Asterisk instance to not log a security event, when a remote endpoint for which auth_username is enabled, is sending a request which has not been challenged yet ?

[1] Identifying an endpoint in PJSIP ⋆ Asterisk

Best regards

oliv2831 · March 16, 2023, 4:01pm

Replying to myself, hoping this could help others, I only had to had the following lines in my pjsip.conf file

[global]
endpoint_identifier_order=ip,username,auth_username,anonymous

After doing so, when an auth_username identified endpoint sends an OPTION, this OPTION message is challenged but no NOTICE message is logged.