[asterisk-users] how to show used "wrong password"
Kevin P. Fleming
kpfleming at digium.com
Tue Mar 13 09:53:15 CDT 2012
On 03/13/2012 08:11 AM, A J Stiles wrote:
> On Tuesday 13 March 2012, Randall wrote:
>> hi all,
>> have asterisk set up in combination with fail2ban.
>> all works as expected only there is 1 extension that is trying to
>> register with a wrong password causing fail2ban to block the IP address,
>> normally that is ok behaviour but i have several extensions on that IP
>> ..... snip .....
>> anyway to see which "wrong password" is being used?
> (And don't underestimate the power of simply disconnecting things until it
> works ..... last thing you disconnected was the faulty one.)
This will not help. Assuming we are talking about a SIP REGISTER here,
the password is *not* sent in the request. Asterisk issues a challenge
including a randomly generated value (called a 'nonce'), then the UA
attempting to register responds to that challenge with an MD5 digest of
a string composed of various elements, including both the nonce and the
shared secret ('password'). Asterisk computes the same digest
internally, and if they match, then the assumption is that both ends
know the shared secret.
By their very nature, digest functions are not reversible; given the MD5
digest present in an SIP request containing an Authorization header,
there is no way to figure out what shared secret was used in the
computation of that digest. Since you know the nonce and the other
portions of the calculation, you could attempt to try various 'likely'
passwords to see if any of them result in the same digest value... this
is called the brute-force method, and it could take a *very* long time
to arrive at a shared secret that would allow the endpoint to register.
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org
More information about the asterisk-users