[asterisk-bugs] [Asterisk 0013950]: on excessive registraton failures: security feature to lockout the IP

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Nov 24 09:39:12 CST 2008


The following issue has been CLOSED 
====================================================================== 
http://bugs.digium.com/view.php?id=13950 
====================================================================== 
Reported By:                jperry999
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   13950
Category:                   Channels/chan_sip/Registration
Reproducibility:            N/A
Severity:                   feature
Priority:                   normal
Status:                     closed
Asterisk Version:           1.4.18 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
Resolution:                 open
Fixed in Version:           
====================================================================== 
Date Submitted:             2008-11-22 13:20 CST
Last Modified:              2008-11-24 09:39 CST
====================================================================== 
Summary:                    on excessive registraton failures: security feature
to lockout the IP
Description: 
I found out the hard way that if the SIP port (5060) is available to the
public Internet on the Asterisk box that it is VERY easy for someone out
there to find your extensions then scan for the valid "secret" password.
With that, they simply "Register" as the extension and Asterisk now thinks
they ARE the internal extension!

Since the only way they can discover passwords is with running hundreds or
thousands of attempts to see what grants access to a Register command (all
which can be done in a matter of minutes, since computers are so fast),
what I would like is something in Asterisk to detect a REGISTER password
failure, note the IP address attempting access, and after TWO unsuccessful
tries within an hour, to block that IP address from ANY access for at least
an hour. After a dozen unsuccessful tries from an IP over a day, block that
IP until a human releases it. Also, to give a log-file for unsuccessful
Register attempts, without having to have the other dozens of traffic that
a Debug log level gives.
====================================================================== 

---------------------------------------------------------------------- 
 (0095374) blitzrage (administrator) - 2008-11-24 09:39
 http://bugs.digium.com/view.php?id=13950#c95374 
---------------------------------------------------------------------- 
This type of thing was discussed at AstriDevCon this year (as part of
greater tools to add layers of security to asterisk). However, this is not
the appropriate place te request features. You may bring this discussion up
on the asterisk-users mailing list for discussion and if any code results
from that discussion, then you can open up a bug and attach the code to
that.

Feature requests are not kept open on the bug tracker unless code is
submitted with it.

Thanks! 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-11-24 09:39 blitzrage      Note Added: 0095374                          
2008-11-24 09:39 blitzrage      Status                   new => closed       
======================================================================




More information about the asterisk-bugs mailing list