[asterisk-bugs] [Asterisk 0013950]: on excessive registration failures: security feature to lockout the IP

Asterisk Bug Tracker noreply at bugs.digium.com
Sat Nov 22 13:20:44 CST 2008


The following issue has been SUBMITTED. 
====================================================================== 
http://bugs.digium.com/view.php?id=13950 
====================================================================== 
Reported By:                jperry999
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   13950
Category:                   Channels/chan_sip/Registration
Reproducibility:            N/A
Severity:                   feature
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.18 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2008-11-22 13:20 CST
Last Modified:              2008-11-22 13:20 CST
====================================================================== 
Summary:                    on excessive registration failures: security feature
to lockout the IP
Description: 
I found out the hard way that if the SIP port (5060) is available to the
public Internet on the Asterisk box that it is VERY easy for someone out
there to find your extensions then scan for the valid "secret" password.
With that, they simply "Register" as the extension and Asterisk now thinks
they ARE the internal extension!

Since the only way they can discover passwords is with running hundreds or
thousands of attempts to see what grants access to a Register command (all
which can be done in a matter of minutes, since computers are so fast),
what I would like is something in Asterisk to detect a REGISTER password
failure, note the IP address attempting access, and after TWO unsuccessful
tries within an hour, to block that IP address from ANY access for at least
an hour. After a dozen unsuccessful tries from an IP over a day, block that
IP until a human releases it. Also, to give a log-file for unsuccessful
Register attempts, without having to have the other dozens of traffic that
a Debug log level gives.
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-11-22 13:20 jperry999      New Issue                                    
2008-11-22 13:20 jperry999      Asterisk Version          => 1.4.18          
2008-11-22 13:20 jperry999      SVN Branch (only for SVN checkouts, not tarball releases) => N/A
======================================================================
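
The lockout policy requested in the description (two failed REGISTERs within an hour block the IP for an hour, a dozen within a day block it until a human releases it), sketched as a log-driven tracker. This is an added example, not part of the original report and not Asterisk code; the class name, the log line format and the choice to ignore attempts from an already blocked IP are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds taken from the report's description.
SHORT_LIMIT, SHORT_WINDOW, SHORT_BLOCK = 2, timedelta(hours=1), timedelta(hours=1)
LONG_LIMIT, LONG_WINDOW = 12, timedelta(days=1)
PERMANENT = datetime.max  # sentinel: no automatic expiry, manual release only

# Hypothetical log format invented for this example (not Asterisk's own), e.g.
# "2008-11-22 13:00:05 REGISTER-FAIL ext=100 ip=203.0.113.5" (constructed line).
LINE_RE = re.compile(r"^(\S+ \S+) REGISTER-FAIL ext=(\S+) ip=(\S+)$")

class RegisterLockout:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> failure times within the last day
        self.blocked_until = {}             # ip -> expiry time or PERMANENT

    def is_blocked(self, ip, now):
        return now < self.blocked_until.get(ip, datetime.min)

    def record_failure(self, ip, now):
        """Count one failed REGISTER; return 'ok', 'temporary' or 'permanent'."""
        if self.is_blocked(ip, now):
            # Assumption: a blocked IP is dropped before authentication, not counted.
            return "permanent" if self.blocked_until[ip] == PERMANENT else "temporary"
        q = self.failures[ip]
        q.append(now)
        while now - q[0] > LONG_WINDOW:      # forget failures older than a day
            q.popleft()
        if len(q) >= LONG_LIMIT:             # a dozen in a day: hold for a human
            self.blocked_until[ip] = PERMANENT
            return "permanent"
        if sum(1 for t in q if now - t <= SHORT_WINDOW) >= SHORT_LIMIT:
            self.blocked_until[ip] = now + SHORT_BLOCK
            return "temporary"
        return "ok"

    def release(self, ip):
        """Manual release by an operator: clear the block and the history."""
        self.blocked_until.pop(ip, None)
        self.failures.pop(ip, None)

    def feed(self, line):
        """Parse one log line; return (ip, state), or None if it is not a failure."""
        m = LINE_RE.match(line.strip())
        if not m:
            return None
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        return m.group(3), self.record_failure(m.group(3), when)
```

A source that comes back each time the one-hour block expires still reaches the twelfth failure within the day, which is what escalates it to the manual-release block.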



