Asterisk 1.4 with SIP

App_rpt-users
1

Hello all,

This is OTish…

I have been trying to find the IP address of SIP hackers, and apparently Asterisk 1.4 logs my public IP rather than that of the offender:

[2015-10-20 21:02:47] NOTICE[20894] chan_sip.c: Sending fake auth rejection for user 1002sip:1002@MYPUBLICIP;tag=2b4388ac

From what I can tell, the issue was resolved in Asterisk 1.6 or 1.8, but I can’t find a patch or hack for chan_sip.c to log the offender’s IP.

I guess my question is, can we move ahead to a newer version of Asterisk? I am running the Debian DIAL (Love it so far BTW!)

Thanks,

73…

Kyle Yoksh

K0KN

Olathe, KS

Allstar 2210-2219

2

Kyle,

No.� app_rpt and associated files have not yet been ported to a

newer version of Asterisk (they won’t work due to changes in the
internal structure of newer versions to include compiling without
some hacks to put things back in asterisk that are needed).� I’ve
been working on it, and have most of them poted to 1.8, but they are
not by any means production ready and as of late I’ve been working
on a paying gig, so the app_rpt stuff has been moved over – I
should be back at it in this next week.

If you need SIP, setup another box with a newer version of Asterisk

to receive incoming calls, screen them and then send them to your
AllStarLink Asterisk box.

I recommend running fail2ban on the machine that has SIP facing the

internet as well.

73

Stacy

KG7QIN
···

On 10/20/2015 10:08 PM, K Yoksh wrote:

Hello all,

This is OTish…

    I have been trying to find the IP address of SIP hackers, and

apparently Asterisk 1.4 logs my public IP rather than that of
the offender:

          [2015-10-20 21:02:47] NOTICE[20894] chan_sip.c: Sending

fake auth rejection for user
1002sip:1002@MYPUBLICIP;tag=2b4388ac

          From what I can tell, the issue was resolved in

Asterisk 1.6 or 1.8, but I can’t find a patch or hack for
chan_sip.c to log the offender’s IP.

          I guess my question is, can we move ahead to a newer

version of Asterisk? I am running the Debian DIAL (Love it
so far BTW!)

Thanks,

          73..

Kyle Yoksh

K0KN

Olathe, KS

Allstar 2210-2219




_______________________________________________
App_rpt-users mailing list
To unsubscribe from this list please visit and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

App_rpt-users@ohnosec.orghttp://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-usershttp://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

3

If you aren't expecting any inbound connections, you can safely remove
the NAT mappings for the SIP ports on your gateway device, since it
won't affect anything.

The porting to 1.8 is just a step to getting it updated. Not sure what
the plan is yet once it works on 1.8, since that version of Asterisk is
going to hit end-of-life soon. It will likely be a way point on the
path to a higher version, not sure and no promises.

-Stacy

···

On 10/20/2015 11:31 PM, K Yoksh wrote:

Thanks for the info. I'll be anxious to check out a newer version when
it is ready.

I'm not using the SIP for pstn, just a few desk and soft phones.. The
hackers aren't going to make any free calls via me.. Hi hi