[asterisk-users] Security Against brute force attack

Coco Richard richard.kingcoco at gmail.com
Thu Nov 19 06:32:53 CST 2009


Hi,

There are several possibilities to do it:

REGISTER Username/Extensions Enumeration
INVITE Username/Extensions Enumeration
OPTION Username/Extensions Enumeration

For more information:
http://www.hackingvoip.com/presentations/sample_chapter3_hacking_voip.pdf

rich...


On Thu, Nov 19, 2009 at 12:46 AM, Rasmus Männa <asterisk at razu.pri.ee> wrote:

>  Hi All,
>
> I must say that there are many ways to detect a password attack, because this
> information actually goes into logs and it's possible to analyze them.
> A couple of hours thinking + a day or 2 creating gives a really nice result. The bad
> thing is that by the time someone starts guessing the password with a
> dictionary attack or brute force (it doesn't matter), he already knows what
> the account name/ID is.
>
> All this leads me to a question which is (from my point of view) a bit more
> important. Is there any way to detect SIP/IAX account guessing without
> actually dumping the UDP flow? I tried some _hacking_ tools and these create
> only some logs in debug mode. Using debug is not always an option, because in
> some cases it creates a ~5MB log in a minute - such a flow is quite impossible
> to handle.
>
> Does anyone have any experience catching account guessing attempts
> automatically? Any kind of ideas would be wonderful :)
>
> thx a lot,
> --
> razu
>
>
> On 11/18/2009 10:01 PM, Ioan Indreias wrote:
>
> Hello Xavier,
>
>  Unfortunately we are not aware of any Asterisk configuration which will
> protect against a brute force attack on SIP.
>
>  We use BFD - http://www.rfxn.com/projects/brute-force-detection/ .
>
>  We found the first details here: http://engineertim.com/?cat=15 and
> we are currently maintaining 4 rules (SIP and IAX). All of them can be
> downloaded from here:
> http://www.modulo.ro/Modulo/downloads/tools/tenora.bfd.tar.gz
>
>  We have tried to document the installation of BFD on an Asterisk server
> here:
> http://www.modulo.ro/Modulo/ro/Articole/Securitate_pentru_servere_Asterisk.html (in
> Romanian)
>
>
>  HTH,
> Ioan (Nini) Indreias
> www.modulo.ro
>
>
> On Mon, Nov 16, 2009 at 7:24 PM, TDF <aja101561 at gmail.com> wrote:
>
>> fail2ban
>>
>>
>> http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk
>>
>>
>> 2009/11/16 Xavier Mesquida <xavimes at yahoo.com>
>>
>>> Has Asterisk any protection against brute force attack for SIP
>>> authentication?
>>> Something like a maximum login attempt limit
>>> Thanks
>>>
>>>
>>>
>>
>> _______________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
>
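
The log-analysis approach discussed in this thread, as an added example that is not part of any poster's message: a Python script that separates extension enumeration (one source trying many distinct usernames) from password guessing (repeated failures on one username). The log line format, thresholds, host name and addresses are assumptions; the sample lines are constructed, modelled on chan_sip's "Registration ... failed" notices.

```python
import re
from collections import defaultdict

# Assumed line format: chan_sip NOTICE for a failed REGISTER (IPv4 source, optional port).
# Only REGISTER failures are covered; INVITE/OPTIONS probes need other log sources.
FAILED = re.compile(
    r"Registration from '(?:\"[^\"]*\"\s*)?<sip:(?P<user>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def _line(user, ip, reason):
    return (f"[Nov 19 06:30:01] NOTICE[2101] chan_sip.c: Registration from "
            f"'\"{user}\" <sip:{user}@pbx.example.net>' failed for '{ip}' - {reason}")

# Constructed sample input (documentation addresses, hypothetical extensions).
SAMPLE_LOG = "\n".join(
    [_line(u, "192.0.2.10", "No matching peer found") for u in range(100, 106)]
    + [_line("201", "198.51.100.7", "Wrong password")] * 6
    + [_line("202", "203.0.113.5", "Wrong password")]  # a single typo, not an attack
)

def classify(log_text, user_threshold=5, guess_threshold=5):
    """Return {source_ip: 'enumeration' | 'password-guessing'} for noisy sources."""
    users = defaultdict(set)                          # ip -> distinct usernames tried
    wrong_pw = defaultdict(lambda: defaultdict(int))  # ip -> user -> wrong-password count
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        ip, user, reason = m["ip"], m["user"], m["reason"].strip()
        users[ip].add(user)
        if reason == "Wrong password":
            wrong_pw[ip][user] += 1
    findings = {}
    for ip, tried in users.items():
        if len(tried) >= user_threshold:
            findings[ip] = "enumeration"
        elif any(n >= guess_threshold for n in wrong_pw[ip].values()):
            findings[ip] = "password-guessing"
    return findings

if __name__ == "__main__":
    for ip, kind in classify(SAMPLE_LOG).items():
        print(ip, kind)
```

The resulting addresses can be handed to whatever blocking mechanism is already in place, such as the fail2ban or BFD setups mentioned in the thread.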