[asterisk-users] How to stop intruder from registering sip?
Warren Selby
wcselby at selbytech.com
Mon Jun 14 10:12:59 CDT 2010
On Sun, Jun 13, 2010 at 3:06 PM, sean darcy <seandarcy2 at gmail.com> wrote:
> But I'm struck with your notion of having sip user ids different from
> extensions. That would not require any user effort, or messing with each
> phone. But...
>
It'd be just as much effort as changing the passwords for each phone.
You'll have to modify the SIP USERNAME setting on each phone you want to
change the username for, the same as modifying the SIP PASSWORD setting for
each phone.
I'd recommend changing all of the passwords, modifying them on the phones
themselves, and then setting up a fail2ban solution that will ban anyone who
has more than 5 failed password attempts in less than a few minutes. You
can even leave iptables setup to allow all, and just block the IPs that
fail2ban triggers on.
In your situation, using a password like 0000, you may not end up with 5
failed password attempts, as that's usually one of the first things the
scripts out there will try, so fail2ban will only help you if you up your
password security.
I've had trouble getting the permit/deny trick to work as an IP filter in
the past, so instead I went with an iptables / fail2ban solution, along with
difficult to guess passwords.
--
Thanks,
--Warren Selby
http://www.selbytech.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100614/bcf8bf84/attachment.htm
More information about the asterisk-users
mailing list