[asterisk-users] Security issue

Tilghman Lesher tilghman at mail.jeffandtilghman.com
Mon Feb 9 06:37:42 CST 2009


On Monday 09 February 2009 04:17:47 Gordon Henderson wrote:
> On Fri, 6 Feb 2009, oumar ndiaye wrote:
> > Is there a way to restrict connection to my asterisk server to users
> > based on their IP addresses, and not just password. I have some hackers
> > who connect to my server to make illegitimate solicitation calls to
> > people. I had to shutdown the server for now until I find a solution. ANY
> > HELP?
>
> I'm curious about hackers getting in when you have username and passwords
> set.
>
> How are they cracking the passwords in the first place?

Typically, the issue is that people set all numeric usernames and passwords,
which are incredibly easy to scan for and brute force.  If you expand your
usernames and passwords to alphanumeric, these activities become exponentially
more difficult.

-- 
Tilghman



More information about the asterisk-users mailing list