[asterisk-users] How to stop intruder from registering sip?

William Stillwell (Lists) william.stillwell-lists at ablebody.net
Thu Jul 1 07:43:38 CDT 2010



Also, technically your "101This is a salt" is stronger than your SHA1 Hash.

Let's say you stick with the "17 character password"

You are using 0-9, a-z, A-Z, and space.

0-9 = 10
a-z = 26
A-Z = 26
Space = 1
Total Possible Values = 63

17^63 = 3.2982384238829760312713680399948e+77

Your sha1 is using 0-9, a-f

0-9 = 10
a-f = 6

40^16 = 42949672960000000000000000

Your best defense would be:

1) don't use the extension # as the username
2) don't use any form of word out of any dictionary for user or password
3) try to make username/password as long as possible

4) don't use the [default] in the extension.conf (just in case you missed
something, and someone gets in somewhere).

5) use fail2ban or some other type of system to block IPs of remote systems
that attempt to authenticate more than 5 times in a minute and fail (or fewer,
whatever you feel is sufficient).




-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Tzafrir Cohen
Sent: Thursday, July 01, 2010 5:48 AM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] How to stop intruder from registering sip?

On Wed, Jun 30, 2010 at 11:50:49PM -0500, Tilghman Lesher wrote:
> On Wednesday 30 June 2010 18:38:51 Steve Edwards wrote:
> > On Sun, 13 Jun 2010, Tilghman Lesher wrote:
> > > I would generally suggest something a little more deterministic (where
> > > 101 is your extension):
> > >
> > > $ echo '101This is a salt' | sha1sum
> > > 22c3c098bfc2289396af84ecfb1ab77419a6537e
> >
> > Aside from being 8 characters longer, why do you prefer sha1sum to md5sum?
> 
> The use of MD5 is gradually being displaced, as crypto attacks are getting
> better.  Since SHA1 is usually the replacement, I went with it, since it's
> also likely to be available on systems.  While SHA1 will eventually succumb to
> the same attacks as MD5, due to its larger bitstrength, it has quite a few
> years left in it, before we need to start thinking about SHA256 or SHA512 to
> replace it.

So, assuming I can relatively easily come up with another phrase that
gives the same md5sum as the one of '101This is a salt', what does it
help me with breaking the next extension?

I prefer shorter names. An md5 checksum is too long as-is. Maybe simply
get the first 8 characters from it and hope they are unique. For a small
sample size (I suspect even a few 1000-s here would be small enough) I
would not expect any collisions.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
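Two of the points in the thread above lend themselves to a worked example: the alphabet-size arithmetic William uses to compare a plain password with a hex SHA1 digest, and his item 5, blocking a source address after more than 5 failed registrations in a minute. The Python below is an added example written for this page; it is not code from the thread, from fail2ban or from Asterisk. It computes a key space as alphabet_size raised to the password length (expressed in bits), and runs a sliding-window counter over a handful of constructed chan_sip "Registration ... failed" NOTICE lines. The exact log line format is approximated from Asterisk 1.6-era output and should be checked against your own logs; the threshold, the 60 second window, the single-day timestamp handling and every address in the sample are assumptions or constructed values.

```python
import math
import re
from collections import defaultdict, deque

# Approximation of the chan_sip NOTICE written on a failed REGISTER
# (assumption: verify the wording against your own Asterisk log).
LINE_RE = re.compile(
    r"^\[(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\]"
    r".*?Registration from '(?P<peer>[^']*)' failed for '(?P<ip>[0-9.]+)(?::\d+)?'"
    r" - (?P<reason>.*)$"
)


def keyspace_bits(alphabet_size, length):
    """Size of the search space alphabet_size**length, returned as bits (log2).

    A 17-character secret drawn from 63 symbols and a 40-hex-digit SHA1 digest
    are compared by calling this with (63, 17) and (16, 40).
    """
    return length * math.log2(alphabet_size)


def parse_failure(line):
    """Return (seconds_of_day, source_ip, peer, reason) for a failed
    registration line, or None for any other line.

    Assumption: all lines come from the same day, so the month/day fields are
    ignored and only the time of day is turned into seconds.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
    return secs, m["ip"], m["peer"], m["reason"]


def offenders(lines, threshold=5, window=60):
    """Sliding-window counter: map source IP -> time (seconds of day) at which
    it first exceeded `threshold` failed registrations within `window` seconds.

    This is the rule William describes ("more than 5 times in a minute");
    fail2ban's own filter/jail implements the same idea against the live log.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    flagged = {}
    for line in lines:
        rec = parse_failure(line)
        if rec is None:
            continue
        t, ip, _peer, _reason = rec
        q = recent[ip]
        q.append(t)
        # Drop failures that fell out of the window (strictly older than `window`).
        while q and t - q[0] > window:
            q.popleft()
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = t
    return flagged


def _fail(ts, user, ip):
    # Helper that builds one constructed log line in the assumed format.
    return (f"[Jul  1 {ts}] NOTICE[2431] chan_sip.c: Registration from "
            f"'\"{user}\" <sip:{user}@203.0.113.5>' failed for '{ip}' - Wrong password")


# Constructed sample: one address burning through extension numbers as usernames
# (6 failures in 30 s), one address with two failures, and one address whose
# 5 failures are spread so that no 60 s window ever holds more than 5.
SAMPLE_LOG = [
    _fail("07:43:01", "100", "198.51.100.23"),
    _fail("07:43:05", "101", "198.51.100.23"),
    _fail("07:43:10", "102", "198.51.100.23"),
    _fail("07:43:12", "101", "203.0.113.9"),
    "[Jul  1 07:43:14] NOTICE[2431] chan_sip.c: Peer '101' is now Reachable. (12ms / 2000ms)",
    _fail("07:43:15", "103", "198.51.100.23"),
    _fail("07:43:20", "104", "198.51.100.23"),
    _fail("07:43:30", "105", "198.51.100.23"),
    _fail("07:44:40", "101", "203.0.113.9"),
    _fail("07:45:00", "200", "192.0.2.77"),
    _fail("07:45:20", "201", "192.0.2.77"),
    _fail("07:45:40", "202", "192.0.2.77"),
    _fail("07:46:00", "203", "192.0.2.77"),
    _fail("07:46:20", "204", "192.0.2.77"),
]

if __name__ == "__main__":
    print(f"63 symbols x 17 chars : {keyspace_bits(63, 17):.1f} bits")
    print(f"16 symbols x 40 chars : {keyspace_bits(16, 40):.1f} bits")
    for ip, t in offenders(SAMPLE_LOG).items():
        print(f"block {ip}: threshold exceeded at {t // 3600:02d}:{t % 3600 // 60:02d}:{t % 60:02d}")
```

The window is evaluated per source address and per line, so a slow, evenly spaced scan stays under the threshold (the 192.0.2.77 entries in the sample) while a burst is caught on its sixth attempt; whether that is the behaviour you want is exactly the "whatever you feel is sufficient" tuning point from the message. The keyspace figures make the comparison explicit in bits rather than raw counts: 40 hex digits give 160 bits of search space, 17 characters from a 63-symbol alphabet give roughly 102.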
